arc: Run mojo proxy as a non-root user
Also, add "oom score" to the conf file to make lint happy.
BUG=b:237755594
TEST=arc.Boot.vm
Cq-Depend: chromium:3744944
Change-Id: I08153bb00ad6ef1fe0ead6638bcf14845a166fe0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3743729
Tested-by: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
(cherry picked from commit 97f494f153abfd80c4f46cb2ece0631b0614339e)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3755072
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
diff --git a/arc/vm/mojo_proxy/init/arcvm-server-proxy.conf b/arc/vm/mojo_proxy/init/arcvm-server-proxy.conf
index 8f30b0b..58fb864 100644
--- a/arc/vm/mojo_proxy/init/arcvm-server-proxy.conf
+++ b/arc/vm/mojo_proxy/init/arcvm-server-proxy.conf
@@ -8,12 +8,18 @@
start on starting arcvm-post-login-services
stop on stopping arcvm-post-login-services
+oom score -100
+
# Use minimalistic-mountns profile.
# -e for a new network namespace.
# -p for a new PID namespace.
# -l for a new IPC namespace.
# --uts for UTS namespace to isolate from host / domain names.
# -N for freeze cgroup settings.
+# -u and -g to run as arc-mojo-proxy.
+# -c sets capabilities:
+# cap_sys_admin is needed to mount a FUSE file system.
+# TODO(b/238044680): Remove cap_dac_override.
# /mnt is the mount point of the fuse file system.
# /run/chrome/arc/arc_bridge.sock is the socket connected to the
# ArcBridgeService in Chrome browser process. arcvm_server_proxy may be started
@@ -28,6 +34,9 @@
-l \
--uts \
-N \
+ -u arc-mojo-proxy \
+ -g arc-mojo-proxy \
+ -c "cap_dac_override,cap_sys_admin+eip" \
-k "tmpfs,/mnt,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC" \
-k "tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC" \
-b /dev/fuse \
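Review bot: The new `-c "cap_dac_override,cap_sys_admin+eip"` together with `-u arc-mojo-proxy -g arc-mojo-proxy` only sets the capabilities on the minijail process itself; whether they survive the execve of arcvm_server_proxy as a non-root user depends on the binary carrying file capabilities or on minijail raising ambient capabilities, and this invocation does not request `--ambient`. Since TEST=arc.Boot.vm exercises the FUSE mount this is presumably handled somewhere, but it is worth confirming and, if `--ambient` is what makes it work, adding it next to `-c` so the conf shows why the mount succeeds. cap_sys_admin is also broad enough to undo much of the namespace isolation requested above, so the comment block in the earlier hunk could say what else in the sandbox (the private /run and /mnt mounts, the PID and network namespaces) bounds it. The minijail0 command line starts before this hunk and continues after it.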
diff --git a/arc/vm/mojo_proxy/server_proxy.cc b/arc/vm/mojo_proxy/server_proxy.cc
index f4f1ec4..84b9bb7 100644
--- a/arc/vm/mojo_proxy/server_proxy.cc
+++ b/arc/vm/mojo_proxy/server_proxy.cc
@@ -60,14 +60,8 @@
return {};
}
// Make it accessible to crosvm.
- uid_t uid = 0;
- gid_t gid = 0;
- if (!brillo::userdb::GetUserInfo("crosvm", &uid, &gid)) {
- LOG(ERROR) << "Failed to get crosvm user info.";
- return {};
- }
- if (lchown(kVirtwlSocketPath, uid, gid) != 0) {
- PLOG(ERROR) << "lchown failed";
+ if (chmod(kVirtwlSocketPath, 0666) == -1) {
+ PLOG(ERROR) << "Failed to set permission";
return {};
}
// Start listening on the socket.
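Review bot: The new `chmod(kVirtwlSocketPath, 0666)` widens access from the crosvm user (the removed lchown) to every uid that can reach the socket path, so the only thing limiting who can connect to the virtwl socket is now the permissions of its parent directory and the mount namespace set up in the .conf. If crosvm can be made a member of a group the proxy also belongs to, `0660` with group ownership would keep the previous scope; otherwise the widening deserves a comment such as `// 0666: the proxy no longer runs as root and cannot chown to crosvm; access is bounded by the permissions of the directory holding kVirtwlSocketPath.` Note also that chmod follows symlinks where lchown did not, which only matters if another uid can write to that directory. The enclosing function begins before this hunk.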