cros-disks: run FUSE mounters in separate mount namespace

Issue description

cros-disks should run each FUSE mounter in a separate mount namespace, with /media/removable being a shared mount, so that only mount / unmount events under /media/removable will be propagated from FUSE mounter namespace to the primary namespace.
May 26 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/44125df0553a4b77801dc950b5d695f0e483aa76

commit 44125df0553a4b77801dc950b5d695f0e483aa76
Author: Ben Chan <benchan@chromium.org>
Date: Fri May 26 00:15:51 2017

cros-disks: put FUSE mount programs in new mount namespace

This CL changes cros-disks to put FUSE mount programs in a new mount namespace, which prevents mounts, so mounts inside that namespace don't normally propagate out except when a mount is created under /media, which is marked as a shared mount (by chromeos_startup). This prevents the FUSE mount program from remounting an existing mount point outside /media.

BUG= chromium:722946
TEST=Tested the following:
1. Run platform_CrosDisksFilesystem tests.
2. Insert an NTFS formatted USB drive and verify read/write operations on the drive via Files.app.
3. Insert an exFAT formatted USB drive and verify read/write operations on the drive via Files.app.

Change-Id: I14911b965964f5d97140864d0f4c5f35952ac04e
Reviewed-on: https://chromium-review.googlesource.com/513490
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>

[modify] https://crrev.com/44125df0553a4b77801dc950b5d695f0e483aa76/cros-disks/fuse_mounter.cc
[modify] https://crrev.com/44125df0553a4b77801dc950b5d695f0e483aa76/cros-disks/sandboxed_process.cc
[modify] https://crrev.com/44125df0553a4b77801dc950b5d695f0e483aa76/cros-disks/sandboxed_process.h
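An added example (not code from cros-disks or from the commit above): a C++ check that parses the text of a process's /proc/<pid>/mountinfo and reports every mount that is still in a shared peer group outside /media, the one place where the commit message expects propagation to remain. The helper names and the sample mountinfo text, including the /media/removable/USB and /mediafoo entries, are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// True if `path` is `prefix` itself or lies beneath it. The comparison is
// component-aware, so "/mediafoo" does not count as being under "/media".
bool IsUnder(const std::string& path, const std::string& prefix) {
  if (path.compare(0, prefix.size(), prefix) != 0) return false;
  return path.size() == prefix.size() || path[prefix.size()] == '/';
}

// Returns the mount points that carry a "shared:N" optional field (member of
// a shared peer group, so mount/unmount events propagate to peers in other
// namespaces) but are not under `allowed`. Assumes mount points contain no
// escaped whitespace (mountinfo writes a space as \040).
std::vector<std::string> SharedMountsOutside(const std::string& mountinfo,
                                             const std::string& allowed) {
  std::vector<std::string> leaks;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream fields(line);
    std::string id, parent, dev, root, mount_point, opts, tag;
    if (!(fields >> id >> parent >> dev >> root >> mount_point >> opts))
      continue;  // skip blank or malformed lines
    bool shared = false;
    // Optional fields (shared:N, master:N, ...) run until the "-" separator.
    while (fields >> tag && tag != "-")
      if (tag.rfind("shared:", 0) == 0) shared = true;
    if (shared && !IsUnder(mount_point, allowed)) leaks.push_back(mount_point);
  }
  return leaks;
}

// Constructed sample, not captured from a real device.
const char kSampleMountinfo[] =
    "21 1 8:3 / / ro,relatime - ext2 /dev/root ro\n"
    "22 21 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw\n"
    "30 21 0:20 / /media rw,nosuid,nodev,noexec shared:1 - tmpfs media rw\n"
    "41 30 0:35 / /media/removable/USB rw,nosuid shared:2 - fuseblk /dev/sda1 rw\n"
    "42 21 0:36 / /mediafoo rw shared:3 master:4 - tmpfs tmpfs rw\n";

int main() {
  for (const auto& m : SharedMountsOutside(kSampleMountinfo, "/media"))
    std::cout << "shared mount outside /media: " << m << "\n";
  return 0;
}
```
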
May 26 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/0dd418890c526eb1c0e03e889cfc3d81bceb5ede

commit 0dd418890c526eb1c0e03e889cfc3d81bceb5ede
Author: Ben Chan <benchan@chromium.org>
Date: Fri May 26 00:15:51 2017

cros-disks: further restrict FUSE mount programs

This CL changes cros-disks to further restrict FUSE mount programs as follows:
- put in new cgroup, IPC, network namespace
- set no_new_privs bit

BUG= chromium:722946
TEST=Tested the following:
1. Run platform_CrosDisksFilesystem tests.
2. Insert an NTFS formatted USB drive and verify read/write operations on the drive via Files.app.
3. Insert an exFAT formatted USB drive and verify read/write operations on the drive via Files.app.

Change-Id: I813edeb8e2f47212ee55c1a42fb4e099ec62a284
Reviewed-on: https://chromium-review.googlesource.com/513491
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/0dd418890c526eb1c0e03e889cfc3d81bceb5ede/cros-disks/fuse_mounter.cc
[modify] https://crrev.com/0dd418890c526eb1c0e03e889cfc3d81bceb5ede/cros-disks/sandboxed_process.cc
[modify] https://crrev.com/0dd418890c526eb1c0e03e889cfc3d81bceb5ede/cros-disks/sandboxed_process.h
May 26 2017
Should we mark this Fixed and follow up in issue 726036?
May 26 2017
Re #4: I was looking into the issue with PID namespace, but I'll follow up on that in issue 726036 instead (as this issue is about mount namespace).
May 26 2017
Given that we have merged the updated exfat-fuse in M59, do we see the urgency to merge this change to M59?
May 26 2017
I don't think we need to merge to 59.
May 27 2017
Sep 2 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 22 2018
Comment 1 by mnissler@chromium.org, May 16 2017
Labels: -Restrict-View-Google Restrict-View-SecurityTeam