CUPS and debugd are using files in /tmp/ to communicate |
||||||||||||
Issue descriptionDuring development of https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1053426 (to attempt to reduce the filesystem surface area of debugd), we discovered that it needed to mount the initns /tmp in order for CUPS to work correctly. We should investigate if this is something that can be avoided in order to more tightly restrict the filesystem surface area.
,
May 30 2018
I'll look into what can be done.
,
May 30 2018
Is there a different file location that would be preferable or are we looking to remove the use of temp files completely?
,
May 30 2018
I guess /run/cups would be better than /tmp. But sharing the file descriptors rather than the paths would be even better than that.
,
May 30 2018
can you describe how the /tmp paths are used currently ? using dbus or even /run/cups/ would be preferable to /tmp.
,
May 30 2018
The lpadmin and cupstestppd tools expect to open a file by name. That's why we put the file in /tmp. I'll see if I can use /run/cups and look into reading the PPD from stdin in these tools.
,
May 30 2018
,
May 30 2018
,
May 30 2018
if perms are an issue, you could do something like /run/cups/dropbox/ which allows for writing by cups clients
,
Jul 11
,
Aug 10
,
Aug 10
,
Aug 10
,
Aug 14
We've noticed that ProcessWithOutput is using temporary files to buffer stdout and stderr. Is this set up to use a path which other process won't have access to?
,
Aug 14
sorry, but i don't understand what you're asking ProcessWithOutput uses tempfiles to hold the stdout/stderr while the process is running, but those exact paths shouldn't matter ... they aren't exposed to ProcessWithOutput users. the API only exposes functions to get the output as strings. so it is using /tmp, and because debugd (currently) doesn't create a unique /tmp mount, it's the same default /tmp that most of the system has access to. but the API we're using to create those temp files should be secure against collision attacks. and debugd doesn't expose those paths to any other program on the system.
,
Sep 18
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/6dae46e0f3448250011b7aaae0d15f709729eee3 commit 6dae46e0f3448250011b7aaae0d15f709729eee3 Author: Piotr Pawliczek <pawliczek@google.com> Date: Tue Sep 18 21:04:08 2018 debugd: Transfer a file to CUPS tools by stdin instead of a tempfile. This patch changes the way in which PPD file is shared with lpadmin and cupstestppd tools. In the previous version a PPD content was saved as temporary file, whose path was set as lpadmin/cupstestppd command line parameter. Now the PPD content is transfer to these processes by standard input. It allows to abolish the requirement of sharing between processes a common space with temporary files. BUG= chromium:847924 TEST=Tested on nautilus for 100 different PPD files CQ-DEPEND=CL:1182672 Change-Id: I4a76dd03c9615cf727cb4b4f09561c9fbf852052 Reviewed-on: https://chromium-review.googlesource.com/1185487 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Piotr Pawliczek <pawliczek@chromium.org> Reviewed-by: Sean Kau <skau@chromium.org> [modify] https://crrev.com/6dae46e0f3448250011b7aaae0d15f709729eee3/debugd/src/cups_tool.cc
,
Sep 20
,
Sep 24
,
Sep 24
if cups doesn't need /tmp anymore, can you cleanup the debugd bind mount of /tmp ? the only reason we added it was for cups. look in debugd/src/main.cc for more details.
,
Oct 16
After removing the following lines from debugd/src/main.cc:
if (minijail_bind(j.get(), "/tmp", "/tmp", 1))
LOG(FATAL) << "minijail_bind(\"/tmp\") failed";
a printing process fails in base::CreateAndOpenTemporaryFile(...) called from ProcessWithOutput::Init(). Temporary file is used to dump an output from forked process. It looks like the CreateAndOpenTemporaryFile function from base (src/aosp/external/libchrome/base/files/file_util*) tries to create a file in /tmp directory.
The class ProcessWithOutput is used in many places in debugd, so this problem is probably related to other debugd components as well.
,
Oct 16
you'll prob want to call minijail_mount_tmp instead to create a unique /tmp mount
,
Oct 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/39752f36b733d0c8df784d34c27784cad31a563b commit 39752f36b733d0c8df784d34c27784cad31a563b Author: Piotr Pawliczek <pawliczek@google.com> Date: Fri Oct 19 02:01:16 2018 debugd: Remove the debugd global bind mount of /tmp Replaces the global bind mount of /tmp directory by unique bind mount. BUG= chromium:847924 TEST=Tested on nautilus and elm Change-Id: Icee27cf1468d794aed93f1cd482053021101b141 Reviewed-on: https://chromium-review.googlesource.com/1284704 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Piotr Pawliczek <pawliczek@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/39752f36b733d0c8df784d34c27784cad31a563b/debugd/src/main.cc
,
Oct 19
,
Oct 19
thanks! |
||||||||||||
►
Sign in to add a comment |
||||||||||||
Comment 1 by vapier@chromium.org
, May 30 2018Labels: OS-Chrome