Google Git
Sign in
android / platform / external / minijail / 13807cb12a9afce34c2ecf664036df6be83f656e
commit13807cb12a9afce34c2ecf664036df6be83f656e[log] [tgz]
authorLutz Justen <[email protected]>Tue Jan 03 17:11:55 2017 +0100
committerLutz Justen <[email protected]>Thu Jan 05 14:22:59 2017 +0100
tree3619acdc266173e3cd38d156f8ed4620ff0a31e9
parentdc9cb4f308a3930c346a2ba0d8cec5119e1983ce [diff]
minijail: Add ability to keep supplementary gids.

Adds the ability to keep supplementary group ids. If an outer process sets a
saved uid, this allows changing to the saved uid in an inner, minijailed process.
Without this, the inner jail would try to clear supplementary groups
(setgroups(0, NULL)), which may not be allowed due to missing caps.

Bug: 33838120
TEST=Tested using the authpolicy project in Chrome OS

Change-Id: I9e98332324753922a4ac881b46233258067eaeae
4 files changed
tree: 3619acdc266173e3cd38d156f8ed4620ff0a31e9
  1. examples/
  2. linux-x86/
  3. test/
  4. tools/
  5. .clang-format
  6. .gitignore
  7. Android.mk
  8. arch.h
  9. bpf.c
  10. bpf.h
  11. common.mk
  12. CPPLINT.cfg
  13. elfparse.c
  14. elfparse.h
  15. gen_constants.sh
  16. gen_syscalls.sh
  17. libconstants.h
  18. libminijail-private.h
  19. libminijail.c
  20. libminijail.h
  21. libminijail.pc.in
  22. libminijail_unittest.c
  23. libminijail_unittest.cpp
  24. libminijailpreload.c
  25. libsyscalls.h
  26. Makefile
  27. minijail0.1
  28. minijail0.5
  29. minijail0.c
  30. MODULE_LICENSE_BSD
  31. NOTICE
  32. OWNERS
  33. parse_seccomp_policy.cc
  34. platform2_preinstall.sh
  35. PRESUBMIT.cfg
  36. PREUPLOAD.cfg
  37. scoped_minijail.h
  38. signal_handler.c
  39. signal_handler.h
  40. syscall_filter.c
  41. syscall_filter.h
  42. syscall_filter_unittest.c
  43. syscall_filter_unittest.cpp
  44. syscall_filter_unittest_macros.h
  45. syscall_wrapper.c
  46. syscall_wrapper.h
  47. test_harness.h
  48. util.c
  49. util.h