Google Git
Sign in
gfiber / vendor / google / minijail / f682d47fc474d05fd78260faeb7863d4ded5153f
commitf682d47fc474d05fd78260faeb7863d4ded5153f[log] [tgz]
authorDylan Reid <dgreid@chromium.org>Thu Sep 17 21:39:07 2015 -0700
committerDylan Reid <dgreid@google.com>Fri Oct 16 16:46:29 2015 -0700
tree32b893a32f42c550e2f8c2e1e914f1e4ad7e0879
parentb7901001ad665559de7e04e33d807715de727ddb [diff]
minijail: Read the last valid cap value earlier.

The maximum valid capability of the kernel is read from /proc.
However since the ability to change mount namespaces and pivot root were
added, /proc might not be available when running drop_caps.  To allow
capabilities to be dropped even if entering a new mount namespace, cache
the last valid cap earlier and pass it to drop_caps.

Change-Id: I7adc017f0cdaa242d9348495815bbb4e70a74463
Signed-off-by: Dylan Reid <dgreid@chromium.org>
1 file changed
tree: 32b893a32f42c550e2f8c2e1e914f1e4ad7e0879
  1. test/
  2. Android.mk
  3. arch.h
  4. bpf.c
  5. bpf.h
  6. common.mk
  7. CPPLINT.cfg
  8. elfparse.c
  9. elfparse.h
  10. gen_constants.sh
  11. gen_syscalls.sh
  12. libconstants.h
  13. libminijail-private.h
  14. libminijail.c
  15. libminijail.h
  16. libminijail.pc.in
  17. libminijail_unittest.c
  18. libminijailpreload.c
  19. libsyscalls.h
  20. Makefile
  21. minijail0.1
  22. minijail0.5
  23. minijail0.c
  24. MODULE_LICENSE_BSD
  25. NOTICE
  26. OWNERS
  27. platform2_preinstall.sh
  28. PRESUBMIT.cfg
  29. signal_handler.c
  30. signal_handler.h
  31. syscall_filter.c
  32. syscall_filter.h
  33. syscall_filter_unittest.c
  34. test_harness.h
  35. util.c
  36. util.h