Issue metadata
Sign in to add a comment
|
cryptohome: cleanup mounting logic |
||||||||||||||||||||||
Issue description[Inspired by comments from https://crrev.com/c/804681 review] 1) Cryptohomed has multiple D-Bus entry points that allow mounting and unmounting. It is not clear which of them are currently in use and for what use cases. At least MountEx and AsyncMountGuest are in uses (kiosks may use more). It makes sense to reduce all mounts to a single set of mount/unmount (or rather sign-in/sign-out - see #3 below) calls, probably based on MountEx for mounting. That will eliminate a lot of dead code, greatly simplify understanding cryptohome workflows, and will allow further improvements (e.g. the one in #2 below). 2) In its current state, cryptohome doesn't have proper separation of concerns between different layers involved in mounting user homedirs. Specifically, Mount class, besides actually mounting the directory, also finalizes boot lockbox, deals with chaps keys, for example. soon it will also be dealing with telling TPMs what type of user is currently signed in. The mount destinations for various migration cases may also be better set by an upper layer. Plus, it makes sense to split dircrypto and ecryptfs versions, and call one or both of them depending on flags from the upper layer. 3) It is not clear if mounting is always synonymous to user sign-in. Some actions, like adding PKCS#11 token are now tied to mounting, but conceptually are a part of the user sign-in. Mounting is also used as the only means to verify user credentials locally. So, they are tightly coupled. Unless some decoupling makes sense and is planned, we may want to better express the intent in the cryptohomed interface and call these actions sign-ins/sign-outs rather than mounting/unmounting (if not in the D-Bus method names then at least in comments and other documentation).
,
Dec 15 2017
#1 is duplicate of 765525, #2 and #3 are not. I'd rather say, this one, being an umbrella bug, should depend on 765525.
,
Jan 30 2018
,
Feb 1 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/1d2f80f3266cc69823c4d7381a9b79f87f2d3142 commit 1d2f80f3266cc69823c4d7381a9b79f87f2d3142 Author: Eric Caruso <ejcaruso@chromium.org> Date: Thu Feb 01 06:39:02 2018 cryptohome: remove public_mount option from AsyncMount Public mounts are always handled with MountEx now, so this function was always called with literal false for this argument, rendering some of its body completely dead. BUG=chromium:795310 TEST=unit tests Change-Id: Iec7027767e30271adbfad40e5f749b8ca35e3135 Reviewed-on: https://chromium-review.googlesource.com/895196 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/1d2f80f3266cc69823c4d7381a9b79f87f2d3142/cryptohome/service.h [modify] https://crrev.com/1d2f80f3266cc69823c4d7381a9b79f87f2d3142/cryptohome/service.cc
,
May 18 2018
A question: Is the "Mount" method also a candidate for deletion (to be replaced with "MountEx")? Context for the question: I'm moving some bits of logic into "MountEx", and, consequently, I need to also duplicate some part of it in "Mount". Therefore I'm thinking whether I should try to generalize the new bits to be reused across these two (Service::Mount() and Service::DoMountEx()), or we can tolerate the increase of copy-pasted stuff between them.
,
May 24 2018
+Erik - Please see comment 5. I see that you did some related work in https://crrev.com/c/900283 ; do you know if it'll be hard to remove Service::Mount() completely? (I can create the CL myself then.)
,
Aug 3
This bug has an owner, thus, it's been triaged. Changing status to "assigned".
,
Oct 12
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by gwendal@chromium.org
, Dec 15 2017Status: Duplicate (was: Untriaged)