Google Git
Sign in
gfiber / vendor / google / minijail / 648b220346aaee74ffbab35be6129bdfa5aca3a5
commit648b220346aaee74ffbab35be6129bdfa5aca3a5[log] [tgz]
authorDylan Reid <dgreid@chromium.org>Fri Oct 23 00:50:00 2015 -0700
committerDylan Reid <dgreid@google.com>Wed Nov 04 15:58:42 2015 -0800
treeabec2be342a99c3eeb80961182b7f56db24874b7
parent6c7a45812a3fbd590a85bcc7fea84c614a851288 [diff]
minijail: Add ability to specify mounts

In addition to bind mounts, allow other mounts to be specified when
running minijail.  Expose this as a -k option to minijail0.

This will allow for file systems such as proc, sysfs, and devpts to be
mounted before taking away the permisison to mount from the target
program.

For example "-k sysfs,/sys,sysfs,0xe" will mount /sys in the new vfs
namespace.

BUG=b/24976046
TEST=Mount sysfs, run a shell, check that sysfs is mounted.

Change-Id: I9862e42e00ce76b1fab9cbac59c381f5270470ce
Signed-off-by: Dylan Reid <dgreid@google.com>
3 files changed
tree: abec2be342a99c3eeb80961182b7f56db24874b7
  1. test/
  2. Android.mk
  3. arch.h
  4. bpf.c
  5. bpf.h
  6. common.mk
  7. CPPLINT.cfg
  8. elfparse.c
  9. elfparse.h
  10. gen_constants.sh
  11. gen_syscalls.sh
  12. libconstants.h
  13. libminijail-private.h
  14. libminijail.c
  15. libminijail.h
  16. libminijail.pc.in
  17. libminijail_unittest.c
  18. libminijailpreload.c
  19. libsyscalls.h
  20. Makefile
  21. minijail0.1
  22. minijail0.5
  23. minijail0.c
  24. MODULE_LICENSE_BSD
  25. NOTICE
  26. OWNERS
  27. platform2_preinstall.sh
  28. PRESUBMIT.cfg
  29. signal_handler.c
  30. signal_handler.h
  31. syscall_filter.c
  32. syscall_filter.h
  33. syscall_filter_unittest.c
  34. test_harness.h
  35. util.c
  36. util.h