Google Git
Sign in
gfiber / vendor / google / minijail / eac2894b0b59ba1e33c3f173c00c26bdb0268afb
commiteac2894b0b59ba1e33c3f173c00c26bdb0268afb[log] [tgz]
authorAndrew Bresticker <abrestic@chromium.org>Wed Nov 11 16:04:46 2015 -0800
committerAndrew Bresticker <abrestic@chromium.org>Fri Nov 13 10:34:09 2015 -0800
tree29594918960f4b8b036e69bb18cfad76fd933f41
parent648b220346aaee74ffbab35be6129bdfa5aca3a5 [diff]
minijail: Support setting syscall table with PR_ALT_SYSCALL

Add support for setting the syscall table for a jailed process using
prctl(PR_ALT_SYSCALL).  This adds the option '-a <table>' which
changes the jailed process's syscall table to the alt_syscall
table named <table>.  alt_syscall tables must be registerd in the
kernel (see crosreview.com/312137 for an example of how this is done).

Bug: 25649436
TEST=Create a test blacklist that blocks write(2) and observe that
'minijail0 -a test -- /bin/echo hello' prints nothing to stdout.

Change-Id: Idddafa1d0b81483a594e05d9d3390d4f9ad849c6
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
4 files changed
tree: 29594918960f4b8b036e69bb18cfad76fd933f41
  1. test/
  2. Android.mk
  3. arch.h
  4. bpf.c
  5. bpf.h
  6. common.mk
  7. CPPLINT.cfg
  8. elfparse.c
  9. elfparse.h
  10. gen_constants.sh
  11. gen_syscalls.sh
  12. libconstants.h
  13. libminijail-private.h
  14. libminijail.c
  15. libminijail.h
  16. libminijail.pc.in
  17. libminijail_unittest.c
  18. libminijailpreload.c
  19. libsyscalls.h
  20. Makefile
  21. minijail0.1
  22. minijail0.5
  23. minijail0.c
  24. MODULE_LICENSE_BSD
  25. NOTICE
  26. OWNERS
  27. platform2_preinstall.sh
  28. PRESUBMIT.cfg
  29. signal_handler.c
  30. signal_handler.h
  31. syscall_filter.c
  32. syscall_filter.h
  33. syscall_filter_unittest.c
  34. test_harness.h
  35. util.c
  36. util.h