Add cicerone-client group for vm_cicerone socket ownership
We will be adding the ability to communicate with the vm_cicerone daemon
over a UNIX socket for plugin VMs. To control that we are creating a new
group which will initially have only vm_cicerone, but as we add VM
plugins, they will be added to this group. vm_cicerone needs to be in
the group for when UNIX sockets are created by the VM plugin in order
for making gRPC calls into the VM plugin.
The plan then is to create a /run/vm_cicerone/client folder which has
group cicerone-client and owner vm_cicerone with 770 permissions. Then
we will put UNIX sockets in there with the name of the corresponding VM
plugin (appended with either -host.sock or -guest.sock) which the VM
plugin will connect to or create in order to communicate with cicerone.
BUG=b:122837958
TEST=None
Change-Id: I99505e07982cce35f2af346593a601945461b864
Reviewed-on: https://chromium-review.googlesource.com/1423180
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jeffrey Kardatzke <jkardatzke@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
1 file changed
