samus: containers can't access USB devices |
|||||||||
Issue descriptionon samus, we turned on containers, but device jail support in permission broker was missed meaning that USB devices aren't accessible in there. we had to land a CL to fix it: https://chromium-review.googlesource.com/517868 now we want to cherry pick that to R60. impact should be low as it only affects samus and one package (permission-broker).
,
Jun 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/8141b9614e48c14c24797bbba34d8a10082a59aa commit 8141b9614e48c14c24797bbba34d8a10082a59aa Author: Eric Caruso <ejcaruso@chromium.org> Date: Fri Jun 02 19:25:48 2017 container_utils: wait for device_jail_fs export in init device_jail_fs may take some time to mount if the fuse module is not loaded yet, so there is a potential race when starting up a container for the first time (and also if ARC++ has not been started). Here we use a post-start script to ensure that the process is not considered "started" until its mount shows up in the /proc/mounts table. BUG= chromium:728308 TEST=insert delay into device_jail_fs initialization sequence after it starts but before it registers the fuse filesystem, ensure that the device filesystem is still mounted inside the container when it starts up, verify that it works if ARC++ was not started first (and thus the fuse module hasn't been loaded prior) Change-Id: I4cf272506d3be3f09e8ddbe884769f24539cf48a Reviewed-on: https://chromium-review.googlesource.com/521802 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/8141b9614e48c14c24797bbba34d8a10082a59aa/container_utils/device-jail.conf
,
Jun 2 2017
Re-requesting merge for CL in comment #2.
,
Jun 3 2017
Your change meets the bar and is auto-approved for M60. Please go ahead and merge the CL to branch 3112 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/dd57e38f05b37e842d80a1ac919a8252a978ae95 commit dd57e38f05b37e842d80a1ac919a8252a978ae95 Author: Eric Caruso <ejcaruso@chromium.org> Date: Mon Jun 05 16:10:32 2017 container_utils: wait for device_jail_fs export in init device_jail_fs may take some time to mount if the fuse module is not loaded yet, so there is a potential race when starting up a container for the first time (and also if ARC++ has not been started). Here we use a post-start script to ensure that the process is not considered "started" until its mount shows up in the /proc/mounts table. BUG= chromium:728308 TEST=insert delay into device_jail_fs initialization sequence after it starts but before it registers the fuse filesystem, ensure that the device filesystem is still mounted inside the container when it starts up, verify that it works if ARC++ was not started first (and thus the fuse module hasn't been loaded prior) Change-Id: I4cf272506d3be3f09e8ddbe884769f24539cf48a Reviewed-on: https://chromium-review.googlesource.com/521802 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> (cherry picked from commit 8141b9614e48c14c24797bbba34d8a10082a59aa) Reviewed-on: https://chromium-review.googlesource.com/524433 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Commit-Queue: Eric Caruso <ejcaruso@chromium.org> Trybot-Ready: Eric Caruso <ejcaruso@chromium.org> [modify] https://crrev.com/dd57e38f05b37e842d80a1ac919a8252a978ae95/container_utils/device-jail.conf
,
Jun 5 2017
,
Aug 1 2017
,
Jan 22 2018
,
May 9 2018
,
Jun 21 2018
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by sheriffbot@chromium.org
, Jun 1 2017