
Issue 861633


Issue metadata

Status: Fixed
Owner:
Closed: Jul 13
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




security_StatefulPermissions flaky if shill is run in minijail

Project Member Reported by kinaba@chromium.org, Jul 9

Issue description

CC: Sheriffs
OS: Chrome OS R69-10850.0.0

https://stainless.corp.google.com/search?view=matrix&row=build&col=test&first_date=2018-07-03&last_date=2018-07-09&test=security_StatefulPermissions&status=GOOD&status=WARN&status=FAIL&status=ERROR&exclude_cts=false&exclude_not_run=false&exclude_non_release=false&exclude_au=true&exclude_acts=true&exclude_retried=true&exclude_non_production=false

The test started occasionally failing with something like:

/mnt/stateful_partition/encrypted/var/cache/edb -prune -o -path /mnt/stateful_partition/encrypted/var/lib/gentoo -prune -o -path /mnt/stateful_partition/encrypted/var/log/portage -prune -o -path /mnt/stateful_partition/dev_image -prune -o -path /mnt/stateful_partition/var_overlay -prune -o -path /mnt/stateful_partition/encrypted/var/tmp -o  -writable -ls -o -user shill -ls 2>/dev/null;echo EOF' shill'
07/08 16:01:38.240 ERROR|security_StatefulP:0281| Test for 'shill' found unexpected files:
   410    4 -rw-r--r--   1 shill    shill          25 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/uptime-network-ethernet-idle
   409    4 -rw-r--r--   1 shill    shill          22 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/uptime-network-ethernet-configuration
   412    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/uptime-network-ethernet-ready
   431    4 -rw-r--r--   1 shill    shill         198 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/disk-network-ethernet-configuration
   434    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/disk-network-ethernet-ready
   433    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/disk-network-ethernet-online
   411    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:45 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/uptime-network-ethernet-online
   432    4 -rw-r--r--   1 shill    shill         198 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154934/disk-network-ethernet-idle
   315    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/uptime-network-ethernet-idle
   314    4 -rw-r--r--   1 shill    shill          24 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/uptime-network-ethernet-configuration
   317    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/uptime-network-ethernet-ready
   339    4 -rw-r--r--   1 shill    shill         198 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/disk-network-ethernet-configuration
   342    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/disk-network-ethernet-ready
   341    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/disk-network-ethernet-online
   316    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/uptime-network-ethernet-online
   340    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:42 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708154459/disk-network-ethernet-idle
   481    4 -rw-r--r--   1 shill    shill          11 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/uptime-network-ethernet-idle
   480    4 -rw-r--r--   1 shill    shill          23 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/uptime-network-ethernet-configuration
   483    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/uptime-network-ethernet-ready
   502    4 -rw-r--r--   1 shill    shill         198 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/disk-network-ethernet-configuration
   505    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/disk-network-ethernet-ready
   504    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/disk-network-ethernet-online
   482    4 -rw-r--r--   1 shill    shill          12 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/uptime-network-ethernet-online
   503    4 -rw-r--r--   1 shill    shill          99 Jul  8 15:49 /mnt/stateful_partition/encrypted/var/log/metrics/shutdown.20180708155134/disk-network-ethernet-idle

Some care looks to have been taken in the past (https://chromium-review.googlesource.com/c/1099190/), but was it not sufficient?

+Micah, could you take a look?
 
The revert in CL:1128682 should fix this since it won't be the "shill" user creating/writing those files anymore, but this will have to be fixed before we re-enable shill sandboxing.
Components: -Internals>Network>Connectivity OS>Systems>Network
Summary: security_StatefulPermissions flaky since R69-10850.0.0 (was: security_StatefulPermissions flaky since R69-10850.0.0 on CQ/PFQ)
The revert is in. Removing "CQ/PFQ" from the title.
Keeping the bug open since it still needs to be fixed before relanding, per #2.
Summary: security_StatefulPermissions flaky if shill is run in minijail (was: security_StatefulPermissions flaky since R69-10850.0.0)
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 11

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/3382f3b7feb660113db310f2bfdfdd77b95519de

commit 3382f3b7feb660113db310f2bfdfdd77b95519de
Author: Micah Morton <mortonm@chromium.org>
Date: Wed Jul 11 19:12:53 2018

security_StatefulPermissions: add dir writable by shill

Shill, soon to be running as user "shill", creates files in
/var/log/metrics/shutdown.*/ dirs, which are given shill:shill
ownership. Reflect this in the autotest.

BUG=chromium:861633,chromium:649417
TEST=manually create files owned/writable by shill:shill in
/var/log/metrics/shutdown.* dir and test passes. Take out the 1-line
addition in this CL and test fails.

Change-Id: Iee4f6c939f5fae9b1c3bd6922f372639b3db209f
Reviewed-on: https://chromium-review.googlesource.com/1130474
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Micah Morton <mortonm@chromium.org>

[modify] https://crrev.com/3382f3b7feb660113db310f2bfdfdd77b95519de/client/site_tests/security_StatefulPermissions/security_StatefulPermissions.py

Status: Fixed (was: Assigned)
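
The kind of check this fix adjusts, sketched as an added example (not the autotest's own code): walk a tree, prune allowlisted directories the way `find -path X -prune` does, and report any remaining files owned by the audited user. It covers only the ownership half of the test (not `-writable`); the function names, the temporary tree, the `var/cache/allowed_example` path and the use of the current uid as a stand-in for "shill" are all assumptions made for the demonstration.

```python
import fnmatch
import os
import tempfile

def owned_outside_allowlist(root, uid, allowed_dirs):
    """Return sorted relative paths of files under root that are owned by
    uid and do not sit inside a directory matching an allowed_dirs glob."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune allowlisted directories, like `find -path X -prune`.
        dirnames[:] = [
            d for d in dirnames
            if not any(
                fnmatch.fnmatch(os.path.normpath(os.path.join(rel_dir, d)), pat)
                for pat in allowed_dirs)
        ]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.lstat(full).st_uid == uid:
                hits.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(hits)

def demo():
    """Build a constructed tree and audit it with and without the
    shutdown.* entry that the commit above describes adding."""
    uid = os.getuid()  # stand-in for the "shill" uid (assumption)
    files = (
        "var/cache/allowed_example/state",  # constructed, already allowlisted
        "var/log/metrics/shutdown.20180708154934/uptime-network-ethernet-idle",
    )
    with tempfile.TemporaryDirectory() as root:
        for rel in files:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path))
            open(path, "w").close()
        old_allow = ["var/cache/allowed_example"]
        new_allow = old_allow + ["var/log/metrics/shutdown.*"]
        before = owned_outside_allowlist(root, uid, old_allow)
        after = owned_outside_allowlist(root, uid, new_allow)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The glob entry matches every timestamped `shutdown.*` directory, so files that appear only after a shutdown has recorded network metrics no longer make the result depend on device history.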
