CleanupAll in Imageloader fails on dbus call
Issue description

I'm modifying an imageloader dbus API to call CleanupAll but it fails:

2017-11-07T10:03:38.887304-08:00 ERR imageloader[30495]: dm_task_create failed!
2017-11-07T10:03:38.887617-08:00 ERR imageloader[30495]: Unable to determine loop device for /dev/mapper/E18E2B7A3C6F9E3926218D58AB6967A1559F1F5B5E8B2239B0250DCBE5F00CCA
2017-11-07T10:03:38.887937-08:00 ERR imageloader[30495]: Failed to cleanup "/run/imageloader/cros-termina/10081.0.2"
Nov 7 2017
Any other logging? One thing to note is that --unmount_all doesn't run sandboxed right now, so a dbus call will run in the sandbox. That could definitely be part of the issue. Disable EnterSandbox() in the mount helper and see if the issue persists.
Nov 7 2017
No other logging in /var/log/message. No entries were found in dmesg. Disabling EnterSandbox() does not change this behavior. I guess MountHelper::OnInit() also uses minijail.
Nov 8 2017
So I tried again by disabling EnterSandbox() and then calling CleanupAll as a dbus API:

2017-11-07T17:50:32.272708-08:00 NOTICE dbus[558]: [system] Activating service name='org.chromium.ImageLoader' (using servicehelper)
2017-11-07T17:50:32.297214-08:00 ERR imageloader[5229]: Failed to get the ownership of org.chromium.ImageLoader: Connection ":1.96" is not allowed to own the service "org.chromium.ImageLoader" due to security policies in the configuration file
2017-11-07T17:50:32.298294-08:00 CRIT imageloader[5229]: Check failed: bus_->RequestOwnershipAndBlock(service_name_, dbus::Bus::REQUIRE_PRIMARY). Unable to take ownership of org.chromium.ImageLoader#012/usr/lib64/libbase-core-395517.so(base::debug::StackTrace::StackTrace()+0x13) [0x7ab9dd745153]#012
2017-11-07T17:50:32.311357-08:00 INFO crash_reporter[5231]: libminijail[5231]: mount /dev/log -> /dev/log type ''
2017-11-07T17:50:32.314919-08:00 DEBUG kernel: [ 1079.229885] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
2017-11-07T17:50:32.327927-08:00 DEBUG kernel: [ 1079.242814] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
2017-11-07T17:50:32.333747-08:00 WARNING crash_reporter[5231]: Could not load the device policy file.
2017-11-07T17:50:32.334366-08:00 WARNING crash_reporter[5231]: [user] Received crash notification for imageloader[5229] sig 6, user 0 (developer build - not testing - always dumping)
2017-11-07T17:50:32.336608-08:00 INFO crash_reporter[5231]: State of crashed process [5229]: S (sleeping)
2017-11-07T17:50:32.358323-08:00 INFO crash_reporter[5231]: Stored minidump to /var/spool/crash/imageloader.20171107.175032.5229.dmp
2017-11-07T17:50:32.359250-08:00 INFO crash_reporter[5231]: Leaving core file at /var/spool/crash/imageloader.20171107.175032.5229.core due to developer image
2017-11-07T17:50:32.372096-08:00 NOTICE dbus[558]: [system] Activated service 'org.chromium.ImageLoader' failed: Launch helper exited with unknown return code 134
Nov 8 2017
It looks like the issue is permissions. I tried this:

minijail0 -u chronos -G -I -l -n -r -v -S /opt/google/imageloader/imageloader-seccomp.policy -L -- /usr/sbin/imageloader --unmount_all

output:

/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.

var/log/messages:

2017-11-08T13:26:31.781974-08:00 WARNING minijail0[5231]: libminijail[5231]: allowing syscall: socket
2017-11-08T13:26:31.782160-08:00 WARNING minijail0[5231]: libminijail[5231]: allowing syscall: connect
2017-11-08T13:26:31.782296-08:00 WARNING minijail0[5231]: libminijail[5231]: allowing syscall: sendto
2017-11-08T13:26:31.784252-08:00 DEBUG kernel: [ 1776.268960] SELinux: initialized (dev proc, type proc), uses genfs_contexts
2017-11-08T13:26:31.807995-08:00 WARNING imageloader[5232]: libminijail[1]: logging seccomp filter failures
2017-11-08T13:26:31.810843-08:00 ERR imageloader[5232]: dm_task_create failed! xiaochu
2017-11-08T13:26:31.811206-08:00 ERR imageloader[5232]: Unable to determine loop device for /dev/mapper/EFCCF9B143DCA01FC28F42C974F32A959C01C972BFA34B5A2845459CD2EB1041
2017-11-08T13:26:31.811534-08:00 ERR imageloader[5232]: Failed to cleanup "/run/imageloader/cros-termina/10081.0.2"
2017-11-08T13:26:31.813761-08:00 ERR imageloader[5232]: --unmount_all failed!
2017-11-08T13:26:31.821600-08:00 INFO minijail0[5231]: libminijail[5231]: child process 5232 exited with status 1
Nov 18 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform/imageloader/+/1c3fbed9123c081c73b1bc97f755ccf7a753b74d

commit 1c3fbed9123c081c73b1bc97f755ccf7a753b74d
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Sat Nov 18 04:18:47 2017

Support umount in helper_process

Currently mount points cleanup is called directly in imageloader_main without sandboxing. In order for cleanup to work in non-root user in sandboxed environment (dbus call), I provide a method in helper_process to perform umount in sandbox as root.

It also fixes a bug in message deserialization where message could be cut shorter accidentally due to encoding with string delimiter in the middle.

BUG=chromium:784031, chromium:782334
TEST=unittest, mount/umount images on DuT

Change-Id: Ib4c7522c96165c6ffae4cb0342137f8a0bdcc07b
Reviewed-on: https://chromium-review.googlesource.com/767024
Commit-Ready: Xiaochu Liu <xiaochu@chromium.org>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>

[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/mount_helper.h
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/helper_process.cc
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/helper_process.h
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/mount_helper.cc
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/seccomp/imageloader-helper-seccomp-amd64.policy
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/ipc.proto
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/imageloader_impl.h
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/imageloader_main.cc
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/imageloader_impl.cc
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/seccomp/imageloader-helper-seccomp-arm.policy
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/mock_helper_process.h
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/imageloader_unittest.cc
[modify] https://crrev.com/1c3fbed9123c081c73b1bc97f755ccf7a753b74d/seccomp/imageloader-helper-seccomp-x86.policy
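
The commit message above mentions a deserialization bug where a message was cut short by a string delimiter in the middle of its encoding. The following added example (not imageloader code, and not taken from the commit) shows one common way this class of bug arises in an IPC receive path, assuming the delimiter is the NUL terminator and the message travels over a Unix socket; the payload and all function names are hypothetical.

```cpp
// Added illustration, not imageloader code; all names are hypothetical.
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <string>

// Constructed payload standing in for a serialized IPC message. Binary
// encodings routinely contain 0x00 bytes; here the second byte is zero.
static const std::string kWire("\x08\x00\x12\x04/run", 8);

// Buggy receive: the buffer is treated as a C string, so the copy stops at
// the first NUL byte and the parser is handed a truncated message.
std::string ReceiveAsCString(int fd) {
  char buf[256] = {};
  ssize_t n = read(fd, buf, sizeof(buf) - 1);
  if (n <= 0) return std::string();
  return std::string(buf);  // length inferred from '\0', not from n
}

// Fixed receive: the byte count returned by read() defines the message.
std::string ReceiveWithLength(int fd) {
  char buf[256];
  ssize_t n = read(fd, buf, sizeof(buf));
  if (n <= 0) return std::string();
  return std::string(buf, static_cast<size_t>(n));
}

// Sends kWire across a datagram socketpair (message boundaries preserved)
// and returns how many bytes the chosen receive path kept.
size_t RoundTrip(bool keep_length) {
  int sv[2];
  if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return 0;
  std::string got;
  if (write(sv[0], kWire.data(), kWire.size()) ==
      static_cast<ssize_t>(kWire.size())) {
    got = keep_length ? ReceiveWithLength(sv[1]) : ReceiveAsCString(sv[1]);
  }
  close(sv[0]);
  close(sv[1]);
  return got.size();
}

int main() {
  std::printf("sent %zu bytes\n", kWire.size());
  std::printf("C-string receive kept %zu bytes\n", RoundTrip(false));
  std::printf("length-aware receive kept %zu bytes\n", RoundTrip(true));
  return 0;
}
```

A truncated message in a privileged helper is a correctness and a safety problem: the helper may act on a partially parsed request, so the receive path should reject any message whose parsed length differs from the received length.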
Nov 29 2017
Jan 22 2018
Jan 23 2018
Comment 1 by xiaochu@chromium.org, Nov 7 2017