Issue metadata
Sign in to add a comment
|
dhcpcd crashes on kevin64 |
||||||||||||||||||||||||
Issue descriptionAfter flashing kevin64 image on kevin board, I am not able to browse any webpages. Looking at /var/log/messages, there are crashes reported in dhcpcd. dhcpcd: libminijail: setresuid (224, 224, 224) operation not permitted followed by a call stack dump.
,
Dec 5
,
Dec 5
This sounds like restrictions Micah added on setuid.
,
Dec 5
We already have this in the whitelist: # shill spawns dhcpcd as 'dhcp' user 20104:224
,
Dec 5
Oh yeah haven't added the arm64 syscalls here yet: https://cs.corp.google.com/chromeos_public/src/third_party/kernel/v4.19/security/chromiumos/lsm.c?rcl=ec71c2cfda440f9b903a52a0f01d65ba0e96a4cc&l=421 I didn't realize we had any 64 bit arm userspace code running in CrOS yet? Does the kevin64 image have 64-bit arm userspace code?
,
Dec 5
Yes, kevin64 is the *experimental* ARM64 userspace board.
,
Dec 5
Alright I'll get those syscalls added in there. Has been on my to do list :) Should have the CL up by tomorrow
,
Dec 9
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7bc79f60657feaaadc5e36f0e9aceda50784a93e commit 7bc79f60657feaaadc5e36f0e9aceda50784a93e Author: Micah Morton <mortonm@chromium.org> Date: Sun Dec 09 00:49:53 2018 CHROMIUM: add arm64 userspace set*uid calls to chromiumos LSM The setuid hardening functionality in the chromiumos LSM will not work properly with arm64 userspace code until we include these additional constants. BUG= chromium:912372 TEST=none, tryjobs will catch it if theres a compile error and otherwise it should work. can test by seeing if shill stops failing to setresuid() for dhcpcd once it lands. (i'm not totally sure how to get a kevin64 image and dont have a kevin anyway) Signed-off-by: Micah Morton <mortonm@chromium.org> Change-Id: I9536babf4efe2a3e23e2aee420996e6883d92cb4 Reviewed-on: https://chromium-review.googlesource.com/1365535 Commit-Ready: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Allen Webb <allenwebb@google.com> [modify] https://crrev.com/7bc79f60657feaaadc5e36f0e9aceda50784a93e/security/chromiumos/lsm.c
,
Dec 9
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a9b474077bf003e73d58da623937c69e7f6e0e64 commit a9b474077bf003e73d58da623937c69e7f6e0e64 Author: Micah Morton <mortonm@chromium.org> Date: Sun Dec 09 00:49:48 2018 CHROMIUM: add arm64 userspace set*uid calls to chromiumos LSM The setuid hardening functionality in the chromiumos LSM will not work properly with arm64 userspace code until we include these additional constants. BUG= chromium:912372 TEST=none, tryjobs will catch it if theres a compile error and otherwise it should work. can test by seeing if shill stops failing to setresuid() for dhcpcd once it lands. (i'm not totally sure how to get a kevin64 image and dont have a kevin anyway) Signed-off-by: Micah Morton <mortonm@chromium.org> Change-Id: I9536babf4efe2a3e23e2aee420996e6883d92cb4 Reviewed-on: https://chromium-review.googlesource.com/1366135 Commit-Ready: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> [modify] https://crrev.com/a9b474077bf003e73d58da623937c69e7f6e0e64/security/chromiumos/lsm.c
,
Dec 9
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e87afdccb4abfd29e0f09128ae251c678455b7dd commit e87afdccb4abfd29e0f09128ae251c678455b7dd Author: Micah Morton <mortonm@chromium.org> Date: Sun Dec 09 00:49:52 2018 CHROMIUM: add arm64 userspace set*uid calls to chromiumos LSM The setuid hardening functionality in the chromiumos LSM will not work properly with arm64 userspace code until we include these additional constants. BUG= chromium:912372 TEST=none, tryjobs will catch it if theres a compile error and otherwise it should work. can test by seeing if shill stops failing to setresuid() for dhcpcd once it lands. (i'm not totally sure how to get a kevin64 image and dont have a kevin anyway) Signed-off-by: Micah Morton <mortonm@chromium.org> Change-Id: I9536babf4efe2a3e23e2aee420996e6883d92cb4 Reviewed-on: https://chromium-review.googlesource.com/1366136 Commit-Ready: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> [modify] https://crrev.com/e87afdccb4abfd29e0f09128ae251c678455b7dd/security/chromiumos/lsm.c
,
Dec 9
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/0830cfb806ff428c0fa3dcbe9523d7aaa77c8825 commit 0830cfb806ff428c0fa3dcbe9523d7aaa77c8825 Author: Micah Morton <mortonm@chromium.org> Date: Sun Dec 09 00:49:50 2018 CHROMIUM: add arm64 userspace set*uid calls to chromiumos LSM The setuid hardening functionality in the chromiumos LSM will not work properly with arm64 userspace code until we include these additional constants. BUG= chromium:912372 TEST=none, tryjobs will catch it if theres a compile error and otherwise it should work. can test by seeing if shill stops failing to setresuid() for dhcpcd once it lands. (i'm not totally sure how to get a kevin64 image and dont have a kevin anyway) Signed-off-by: Micah Morton <mortonm@chromium.org> Change-Id: I9536babf4efe2a3e23e2aee420996e6883d92cb4 Reviewed-on: https://chromium-review.googlesource.com/1366138 Commit-Ready: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> [modify] https://crrev.com/0830cfb806ff428c0fa3dcbe9523d7aaa77c8825/security/chromiumos/lsm.c
,
Dec 9
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7ca49535cd0eae079f4e026fd1f0c40313c52aa8 commit 7ca49535cd0eae079f4e026fd1f0c40313c52aa8 Author: Micah Morton <mortonm@chromium.org> Date: Sun Dec 09 00:49:55 2018 CHROMIUM: add arm64 userspace set*uid calls to chromiumos LSM The setuid hardening functionality in the chromiumos LSM will not work properly with arm64 userspace code until we include these additional constants. BUG= chromium:912372 TEST=none, tryjobs will catch it if theres a compile error and otherwise it should work. can test by seeing if shill stops failing to setresuid() for dhcpcd once it lands. (i'm not totally sure how to get a kevin64 image and dont have a kevin anyway) Signed-off-by: Micah Morton <mortonm@chromium.org> Change-Id: I9536babf4efe2a3e23e2aee420996e6883d92cb4 Reviewed-on: https://chromium-review.googlesource.com/1366137 Commit-Ready: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org> [modify] https://crrev.com/7ca49535cd0eae079f4e026fd1f0c40313c52aa8/security/chromiumos/lsm.c
,
Dec 10
,
Dec 12
Thanks! |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by manojgupta@chromium.org
, Dec 5