minimalistic-mountns: Add /dev/log.
It makes sense for the minimalistic-mountns profile to support logging.
Bug: chromium:942092
Test: Deploy to Chrome OS device.
Test: minijail0 -Tstatic --profile=minimalistic-mountns -b /bin -- /bin/ls /dev/log
Test: man ./minijail0.1
Change-Id: I05b26aa2c2821b4a48bf0a7a368885ad7ec2b674
diff --git a/minijail0.1 b/minijail0.1
index 6f85f87..0fbf38e 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -299,7 +299,7 @@
.TP
\fBminimalistic-mountns\fR
Set up a minimalistic mount namespace. Equivalent to \fB-v -P /var/empty
--b /,/ -b /proc,/proc -t -r --mount-dev\fR.
+-b / -b /proc -b /dev/log -t -r --mount-dev\fR.
.SH IMPLEMENTATION
This program is broken up into two parts: \fBminijail0\fR (the frontend) and a helper
library called \fBlibminijailpreload\fR. Some jailings can only be achieved
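Review bot: The rewritten "Equivalent to" line for minimalistic-mountns now lists -b /dev/log, but the entry still describes the profile only as "a minimalistic mount namespace" and does not say that the host syslog socket is exposed inside the jail. Anyone picking this profile for its small surface should be able to see that from the man page, so consider adding a sentence after the option list stating that /dev/log is bound so the jailed program can log, and that the program can therefore write to the system log. The change from "-b /,/ -b /proc,/proc" to "-b / -b /proc" is a separate notation cleanup; a word about it in the commit message would make clear that it is intentional.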
diff --git a/minijail0_cli.c b/minijail0_cli.c
index d5b09f7..807e567 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -372,11 +372,15 @@
if (!strcmp(profile, "minimalistic-mountns")) {
minijail_namespace_vfs(j);
if (minijail_bind(j, "/", "/", 0)) {
- fprintf(stderr, "minijail_bind failed.\n");
+ fprintf(stderr, "minijail_bind(/) failed.\n");
exit(1);
}
if (minijail_bind(j, "/proc", "/proc", 0)) {
- fprintf(stderr, "minijail_bind failed.\n");
+ fprintf(stderr, "minijail_bind(/proc) failed.\n");
+ exit(1);
+ }
+ if (minijail_bind(j, "/dev/log", "/dev/log", 0)) {
+ fprintf(stderr, "minijail_bind(/dev/log) failed.\n");
exit(1);
}
minijail_mount_dev(j);
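Review bot: The new minijail_bind(j, "/dev/log", "/dev/log", 0) call in the minimalistic-mountns branch is unconditional, so every user of the profile now depends on /dev/log, and the hunk does not show what happens on a system where that path is missing (for example, no syslog daemon running). Please either document that the profile requires /dev/log or check for the path before registering the bind, so existing callers of the profile do not start failing. The listed test only runs /bin/ls /dev/log, which shows that the node is visible but not that a jailed process can deliver a message through it; a test run that logs from inside the jail and checks the system log would cover the stated purpose. The more specific error strings for / and /proc are a good change.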