diff options
author | Darren Krahn <dkrahn@google.com> | 2015-12-10 21:40:35 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2015-12-10 21:40:35 +0000 |
commit | 7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef (patch) | |
tree | ec0058d84b89347a94a7473cc0c3e74c773260a9 | |
parent | 7d4903c2a8653c80dbb57257748e8398c7d5f555 (diff) | |
parent | 5316951199ff1e3c9be125ecd55726b31412178d (diff) | |
download | tpm-7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef.tar.gz |
Merge "attestation: Fix permissions."
-rw-r--r-- | attestation/server/attestationd.conf | 6 | ||||
-rw-r--r-- | attestation/server/main.cc | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/attestation/server/attestationd.conf b/attestation/server/attestationd.conf index 0d5a74d..7d23f93 100644 --- a/attestation/server/attestationd.conf +++ b/attestation/server/attestationd.conf @@ -21,4 +21,10 @@ start on started tcsd and started boot-services stop on stopping boot-services respawn +pre-start script + # Ensure attestationd will have permissions for attestation.epb. + chgrp preserve /mnt/stateful_partition/unencrypted/preserve + chmod 775 /mnt/stateful_partition/unencrypted/preserve +end script + exec /usr/sbin/attestationd diff --git a/attestation/server/main.cc b/attestation/server/main.cc index b22ba18..1ba4405 100644 --- a/attestation/server/main.cc +++ b/attestation/server/main.cc @@ -52,6 +52,7 @@ void InitMinijailSandbox() { struct minijail* jail = minijail->New(); minijail->DropRoot(jail, kAttestationUser, kAttestationGroup); + minijail_inherit_usergroups(jail); minijail->UseSeccompFilter(jail, kAttestationSeccompPath); minijail->Enter(jail); minijail->Destroy(jail); |