Merge "attestation: Fix permissions."

author: Darren Krahn <dkrahn@google.com> 2015-12-10 21:40:35 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2015-12-10 21:40:35 +0000
commit: 7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef (patch)
tree: ec0058d84b89347a94a7473cc0c3e74c773260a9
parent: 7d4903c2a8653c80dbb57257748e8398c7d5f555 (diff)
parent: 5316951199ff1e3c9be125ecd55726b31412178d (diff)
download: tpm-7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/attestation/server/attestationd.conf b/attestation/server/attestationd.conf
index 0d5a74d..7d23f93 100644
--- a/attestation/server/attestationd.conf
+++ b/attestation/server/attestationd.conf
@@ -21,4 +21,10 @@ start on started tcsd and started boot-services
 stop on stopping boot-services
 respawn
 
+pre-start script
+  # Ensure attestationd will have permissions for attestation.epb.
+  chgrp preserve /mnt/stateful_partition/unencrypted/preserve
+  chmod 775 /mnt/stateful_partition/unencrypted/preserve
+end script
+
 exec /usr/sbin/attestationd
diff --git a/attestation/server/main.cc b/attestation/server/main.cc
index b22ba18..1ba4405 100644
--- a/attestation/server/main.cc
+++ b/attestation/server/main.cc
@@ -52,6 +52,7 @@ void InitMinijailSandbox() {
   struct minijail* jail = minijail->New();
 
   minijail->DropRoot(jail, kAttestationUser, kAttestationGroup);
+  minijail_inherit_usergroups(jail);
   minijail->UseSeccompFilter(jail, kAttestationSeccompPath);
   minijail->Enter(jail);
   minijail->Destroy(jail);
author	Darren Krahn <dkrahn@google.com>	2015-12-10 21:40:35 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2015-12-10 21:40:35 +0000
commit	7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef (patch)
tree	ec0058d84b89347a94a7473cc0c3e74c773260a9
parent	7d4903c2a8653c80dbb57257748e8398c7d5f555 (diff)
parent	5316951199ff1e3c9be125ecd55726b31412178d (diff)
download	tpm-7b153bf1bbbda58d1be395a77a26bce3e4bdf9ef.tar.gz