Map the chronos-access group into the container

The Downloads folder has permissions 0710, with the group set to
chronos-access (gid 1001).  This group is not mapped into the container,
which leads to the Downloads folder having the "nobody" group.  This
prevents the root user from inside the container from accessing the
files in the Downloads directory.

Create the chronos-access group inside the container and identity map in
gid 1001 so that the root user inside the container still has access to
the contents of Downloads.

TEST=`sudo ls /mnt/chromeos/MyFiles/Downloads/foo.txt` works inside the

Change-Id: I2cbbf381ffe8b1171e5517555e8dc897f7f2add3
Commit-Ready: ChromeOS CL Exonerator Bot <>
Tested-by: Chirantan Ekbote <>
Reviewed-by: Stephen Barber <>
2 files changed
tree: db20e505ecab3a87d69feb6f3942fb7ba3be6b03
  2. src/


Tremplin is the “springboard” daemon that runs in the Termina VM and exposes a gRPC interface for managing LXD containers.