
Issue 706498

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



attestationd: mkdir not allowed by minijail

Project Member Reported by apronin@chromium.org, Mar 29 2017

Issue description

If /mnt/stateful_partition/unencrypted/preserve directory doesn't exist when attestationd needs to write attestation.epb file, it attempts to create that directory. That fails since mkdir is not allowed by minijail:
2017-03-29T11:31:42.120079-07:00 ERR attestationd[4871]: libminijail[4871]: blocked syscall: mkdir


Note that if the directory doesn't exist when the daemon starts, the upstart script fails since it attempts the following in pre-start:
  chgrp preserve /mnt/stateful_partition/unencrypted/preserve
  chmod 775 /mnt/stateful_partition/unencrypted/preserve

Same thing should be happening with tpm_managerd and /var/lib/tpm_manager/local_tpm_data

It also starts with base::CreateDirectory() when writing to the file.
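
Added example, not part of the original report or of the Chrome OS code base: a small triage script that scans syslog text for libminijail "blocked syscall" lines in the format quoted above and groups them by daemon and syscall, which shows which sandbox policies are being hit and by how many process instances. Only the first sample line comes from the report; the remaining lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog line format as quoted in the report:
#   <timestamp> <level> <daemon>[<pid>]: libminijail[<pid>]: blocked syscall: <name>
BLOCKED_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>\S+)\s+(?P<daemon>[\w.-]+)\[(?P<pid>\d+)\]:\s+"
    r"libminijail\[\d+\]:\s+blocked syscall:\s+(?P<syscall>\w+)\s*$"
)

# Sample input. Line 1 is the line from the report; lines 2-4 are constructed.
SAMPLE_LOG = """\
2017-03-29T11:31:42.120079-07:00 ERR attestationd[4871]: libminijail[4871]: blocked syscall: mkdir
2017-03-29T11:31:42.130000-07:00 INFO attestationd[4871]: unrelated message
2017-03-29T11:32:10.000001-07:00 ERR tpm_managerd[5012]: libminijail[5012]: blocked syscall: mkdir
2017-03-29T11:35:42.500000-07:00 ERR attestationd[4990]: libminijail[4990]: blocked syscall: mkdir
"""


def blocked_syscalls(log_text):
    """Group blocked-syscall events by (daemon, syscall).

    Returns {(daemon, syscall): {"count", "pids", "first", "last"}}.
    Lines that do not match the libminijail format are ignored.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCKED_RE.match(line)
        if m:
            events[(m["daemon"], m["syscall"])].append((m["ts"], int(m["pid"])))
    summary = {}
    for key, seen in events.items():
        summary[key] = {
            "count": len(seen),
            # Distinct PIDs = number of process instances that hit the filter.
            "pids": sorted({pid for _, pid in seen}),
            "first": seen[0][0],
            "last": seen[-1][0],
        }
    return summary


if __name__ == "__main__":
    for (daemon, syscall), info in sorted(blocked_syscalls(SAMPLE_LOG).items()):
        print(f"{daemon}: {syscall} blocked {info['count']}x "
              f"by pids {info['pids']} ({info['first']} .. {info['last']})")
```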
 
Triage nag: This Chrome OS bug has an owner but no component. Please add a component so that this can be tracked by the relevant team.
Components: OS>Systems>Security
