Google Git
Sign in
android / platform / external / minijail / 13dcc70bf9fec5d9c13dc47738f2852d88262ce9
commit13dcc70bf9fec5d9c13dc47738f2852d88262ce9[log] [tgz]
authorWill Drewry <[email protected]>Thu Aug 18 21:36:27 2011 -0500
committerWill Drewry <[email protected]>Wed Sep 14 13:11:08 2011 -0700
treecd02248919db3c850905d8128f3f695df94a53db
parent541c7e59a012dbffa0f68cc623623c81b11d267e [diff]
libminijail,minijail0: add seccomp filter support

This change adds support for installing seccomp filters via libminijail
or by using minijail0 with an arch-specific filters file.

Support for LD_PRELOAD marshalling is still missing and will come in a new change.

BUG=chromium-os:19459
TEST=minijail0 -r -S dash-cat.policy -u chronos -- /bin/dash -c '/bin/cat /proc/self/seccomp_filter'
dash-cat.policy can be found  in the bug.

Change-Id: Id3f52ae9ce7bf49c257b2cfb9ba66b38b8be8094
Reviewed-on: http://gerrit.chromium.org/gerrit/6789
Reviewed-by: Elly Jones <[email protected]>
Tested-by: Will Drewry <[email protected]>
7 files changed
tree: cd02248919db3c850905d8128f3f695df94a53db
  1. env.cc
  2. env.h
  3. getpid_microbenchmark.cc
  4. inherit-review-settings-ok
  5. interface.cc
  6. interface.h
  7. libminijail-private.h
  8. libminijail.c
  9. libminijail.h
  10. libminijailpreload.c
  11. LICENSE
  12. make_tests.sh
  13. Makefile
  14. minijail.cc
  15. minijail.h
  16. minijail0.1
  17. minijail0.5
  18. minijail0.c
  19. minijail_main.cc
  20. minijail_testrunner.cc
  21. minijail_unittest.cc
  22. mock_env.h
  23. mock_interface.h
  24. mock_options.h
  25. options.cc
  26. options.h
  27. options_unittest.cc
  28. readwrite_microbenchmark.cc
  29. SConstruct
  30. WATCHLISTS