crosvm: make JailConfig structure parseable from command-line options

This will allow us to control all the jail-related options under a
single "--jail" command-line argument, instead of several different
arguments as we did before.

BUG=b:217480043
TEST=cargo test -p crosvm crosvm::config::tests::parse_jailconfig

Change-Id: I4246c79dcf53411461437b09cb31be8b212e1c97
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3755187
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Alexandre Courbot 2022-07-06 18:38:51 +09:00 committed by Chromeos LUCI
parent a0bf9563b2
commit 8f9de922f8


@ -560,21 +560,33 @@ pub struct HostPcieRootPortParameters {
pub hp_gpe: Option<u32>,
}
#[derive(Debug, Serialize, Deserialize, PartialEq, serde_keyvalue::FromKeyValues)]
#[serde(deny_unknown_fields)]
fn jail_config_default_pivot_root() -> PathBuf {
PathBuf::from(option_env!("DEFAULT_PIVOT_ROOT").unwrap_or("/var/empty"))
}
#[cfg(unix)]
fn jail_config_default_seccomp_policy_dir() -> Option<PathBuf> {
Some(PathBuf::from(SECCOMP_POLICY_DIR))
}
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, serde_keyvalue::FromKeyValues)]
#[serde(deny_unknown_fields, rename_all = "kebab-case")]
pub struct JailConfig {
#[serde(default = "jail_config_default_pivot_root")]
pub pivot_root: PathBuf,
#[cfg(unix)]
#[serde(default = "jail_config_default_seccomp_policy_dir")]
pub seccomp_policy_dir: Option<PathBuf>,
#[serde(default)]
pub seccomp_log_failures: bool,
}
impl Default for JailConfig {
fn default() -> Self {
JailConfig {
pivot_root: PathBuf::from(option_env!("DEFAULT_PIVOT_ROOT").unwrap_or("/var/empty")),
pivot_root: jail_config_default_pivot_root(),
#[cfg(unix)]
seccomp_policy_dir: Some(PathBuf::from(SECCOMP_POLICY_DIR)),
seccomp_policy_dir: jail_config_default_seccomp_policy_dir(),
seccomp_log_failures: false,
}
}
@ -2170,4 +2182,73 @@ mod tests {
assert!(parse_userspace_msr_options("0x10").is_err());
assert!(parse_userspace_msr_options("hoge").is_err());
}
#[test]
fn parse_jailconfig() {
let config: JailConfig = Default::default();
assert_eq!(
config,
JailConfig {
pivot_root: jail_config_default_pivot_root(),
#[cfg(unix)]
seccomp_policy_dir: jail_config_default_seccomp_policy_dir(),
seccomp_log_failures: false,
}
);
let config: JailConfig = from_key_values("").unwrap();
assert_eq!(config, Default::default());
let config: JailConfig = from_key_values("pivot-root=/path/to/pivot/root").unwrap();
assert_eq!(
config,
JailConfig {
pivot_root: "/path/to/pivot/root".into(),
..Default::default()
}
);
cfg_if::cfg_if! {
if #[cfg(unix)] {
let config: JailConfig = from_key_values("seccomp-policy-dir=/path/to/seccomp/dir").unwrap();
assert_eq!(config, JailConfig {
seccomp_policy_dir: Some("/path/to/seccomp/dir".into()),
..Default::default()
});
}
}
let config: JailConfig = from_key_values("seccomp-log-failures").unwrap();
assert_eq!(
config,
JailConfig {
seccomp_log_failures: true,
..Default::default()
}
);
let config: JailConfig = from_key_values("seccomp-log-failures=false").unwrap();
assert_eq!(
config,
JailConfig {
seccomp_log_failures: false,
..Default::default()
}
);
let config: JailConfig =
from_key_values("pivot-root=/path/to/pivot/root,seccomp-log-failures=true").unwrap();
assert_eq!(
config,
JailConfig {
pivot_root: "/path/to/pivot/root".into(),
seccomp_log_failures: true,
..Default::default()
}
);
let config: Result<JailConfig, String> =
from_key_values("seccomp-log-failures,invalid-arg=value");
assert!(config.is_err());
}
}
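Review bot: The three public fields of `JailConfig` in the first hunk have no doc comments, although this change makes each of them a user-facing key of `--jail`, and they decide where the jailed process is rooted and which seccomp policy directory it uses. I would add one `///` line per field, for example `/// Directory used as the jail's pivot root; defaults to DEFAULT_PIVOT_ROOT from build time, else /var/empty.` on `pivot_root` and, if the flag does what its name suggests, `/// Log seccomp filter failures instead of enforcing them; a debugging aid that weakens the sandbox.` on `seccomp_log_failures`. The parser accepts any string for `pivot-root` and `seccomp-policy-dir`, and `parse_jailconfig` only exercises absolute paths, so those comments should also say whether an empty or relative path is rejected later; any such validation is outside this diff. The `Default` impl continues past the end of the first hunk.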