[Fuchsia] Update launch options when starting context process.

1. /pkg, /svc and /config/ssl are now cloned to Context processes. https://crrev.com/1149262 removed FDIO_SPAWN_CLONE_NAMESPACE. As result the context process was failing to open /pkg/icudtl.dat. 2. Added FDIO_SPAWN_CLONE_JOB flag - job needs to be cloned so the context process can start its own children. 3. Updated SandboxPolicyFuchsia not to clone /tmp - it doesn't appear to be necessary for any sandboxed processes. 4. Removed FDIO_SPAWN_CLONE_STDIO for Context and sandboxed processes. Instead stderr is added fds_to_map. Bug: 852145, 869216, 868556 Change-Id: I89c429231cd0e295247c80f12e587e1c7335456b Reviewed-on: https://chromium-review.googlesource.com/1155967 Commit-Queue: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#579872}

[Fuchsia] Update launch options when starting context process.
1. /pkg, /svc and /config/ssl are now cloned to Context processes. https://crrev.com/1149262 removed FDIO_SPAWN_CLONE_NAMESPACE. As result the context process was failing to open /pkg/icudtl.dat. 2. Added FDIO_SPAWN_CLONE_JOB flag - job needs to be cloned so the context process can start its own children. 3. Updated SandboxPolicyFuchsia not to clone /tmp - it doesn't appear to be necessary for any sandboxed processes. 4. Removed FDIO_SPAWN_CLONE_STDIO for Context and sandboxed processes. Instead stderr is added fds_to_map. Bug: 852145, 869216, 868556 Change-Id: I89c429231cd0e295247c80f12e587e1c7335456b Reviewed-on: https://chromium-review.googlesource.com/1155967 Commit-Queue: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#579872}
e297cf60 · Sergey Ulanov · Commit Bot · ab656f59 · e297cf60 · e297cf60
Commit e297cf60 authored Aug 01, 2018 by Sergey Ulanov Committed by Commit Bot Aug 01, 2018
Showing with 29 additions and 10 deletions

content/common/sandbox_policy_fuchsia.cc content/common/sandbox_policy_fuchsia.cc +9 -9

webrunner/service/context_provider_impl.cc webrunner/service/context_provider_impl.cc +20 -1

No files found.
--- a/content/common/sandbox_policy_fuchsia.cc
+++ b/content/common/sandbox_policy_fuchsia.cc
@@ -6,6 +6,7 @@
 #include <fuchsia/fonts/cpp/fidl.h>
 #include <lib/fdio/spawn.h>
+#include <stdio.h>
 #include <zircon/processargs.h>
 #include "base/base_paths_fuchsia.h"
@@ -53,26 +54,25 @@ void SandboxPolicyFuchsia::UpdateLaunchOptionsForSandbox(
    base::LaunchOptions* options) {
  DCHECK_NE(type_, service_manager::SANDBOX_TYPE_INVALID);
+  // Always clone stderr to get logs output.
+  options->fds_to_remap.push_back(std::make_pair(STDERR_FILENO, STDERR_FILENO));
  if (type_ == service_manager::SANDBOX_TYPE_NO_SANDBOX) {
-    options->spawn_flags = FDIO_SPAWN_CLONE_NAMESPACE | FDIO_SPAWN_CLONE_JOB |
+    options->spawn_flags = FDIO_SPAWN_CLONE_NAMESPACE | FDIO_SPAWN_CLONE_JOB;
-                           FDIO_SPAWN_CLONE_STDIO;
    options->clear_environ = false;
    return;
  }
-  // Map /pkg (read-only files deployed from the package) and /tmp into the
+  // Map /pkg (read-only files deployed from the package) into the child's
-  // child's namespace.
+  // namespace.
  options->paths_to_clone.push_back(base::GetPackageRoot());
-  base::FilePath temp_dir;
-  base::GetTempDir(&temp_dir);
-  options->paths_to_clone.push_back(temp_dir);
  // Clear environmental variables to better isolate the child from
  // this process.
  options->clear_environ = true;
-  // Propagate stdout/stderr/stdin to the child.
+  // Don't clone anything by default.
-  options->spawn_flags = FDIO_SPAWN_CLONE_STDIO;
+  options->spawn_flags = 0;
  if (service_directory_) {
    // Provide the child process with a restricted set of services.

--- a/webrunner/service/context_provider_impl.cc
+++ b/webrunner/service/context_provider_impl.cc
@@ -6,6 +6,7 @@
 #include <fuchsia/sys/cpp/fidl.h>
 #include <lib/zx/job.h>
+#include <stdio.h>
 #include <zircon/processargs.h>
 #include <utility>
@@ -13,6 +14,7 @@
 #include "base/bind.h"
 #include "base/callback_forward.h"
 #include "base/command_line.h"
+#include "base/files/file_util.h"
 #include "base/fuchsia/default_job.h"
 #include "base/fuchsia/fuchsia_logging.h"
 #include "base/logging.h"
@@ -51,7 +53,24 @@ void ContextProviderImpl::Create(
  base::CommandLine launch_command = *base::CommandLine::ForCurrentProcess();
  base::LaunchOptions launch_options;
-  launch_options.spawn_flags = FDIO_SPAWN_CLONE_STDIO;
+  // Clone job because the context needs to be able to spawn child processes.
+  launch_options.spawn_flags = FDIO_SPAWN_CLONE_JOB;
+  // Clone stderr to get logs in system debug log.
+  launch_options.fds_to_remap.push_back(
+      std::make_pair(STDERR_FILENO, STDERR_FILENO));
+  // Context and child processes need access to the read-only package files.
+  launch_options.paths_to_clone.push_back(base::FilePath("/pkg"));
+  // Context needs access to the read-only SSL root certificates list.
+  launch_options.paths_to_clone.push_back(base::FilePath("/config/ssl"));
+  // The context process needs /svc to connect to environment services.
+  // TODO(https://crbug.com/869216): Don't clone /svc. Instead it should be
+  // passed in CreateContextParams.
+  launch_options.paths_to_clone.push_back(base::FilePath("/svc"));
  // Transfer the ContextRequest handle to a well-known location in the child
  // process' handle table.