Google Git
Sign in
android / platform / external / minijail / 50257f14c90656c2acaee1bf32a62fd5cd24385e
commit50257f14c90656c2acaee1bf32a62fd5cd24385e[log] [tgz]
authorAlistair Delva <[email protected]>Thu Feb 23 10:12:32 2023 -0800
committerFrederick Mayle <[email protected]>Fri Mar 03 15:47:03 2023 -0800
tree6817e89beaff6fb238f43bfabefd3afc01d8890e
parent18076dbcb31ffcc1636d5a703591d81f21705f27 [diff]
CHERRY-PICK: Extend host glibc workaround to userfaultfd

The minijail seccomp policies for crosvm now require `userfaultfd`.

Inspired by https://r.android.com/1887226

Test: TH
Test: built and ran a cuttlefish target with sandboxing enabled
Bug: 270439238
Change-Id: I4620d019e89c2d48a9647b6cce87d0674498e741
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/minijail/+/4287608
Auto-Submit: Alistair Delva <[email protected]>
Tested-by: Alistair Delva <[email protected]>
Reviewed-by: Frederick Mayle <[email protected]>
Reviewed-by: Mike Frysinger <[email protected]>
Commit-Queue: Alistair Delva <[email protected]>
1 file changed
tree: 6817e89beaff6fb238f43bfabefd3afc01d8890e
  1. .github/
  2. examples/
  3. linux-x86/
  4. rust/
  5. test/
  6. tools/
  7. .clang-format
  8. .gitignore
  9. Android.bp
  10. arch.h
  11. bpf.c
  12. bpf.h
  13. CleanSpec.mk
  14. common.mk
  15. config_parser.c
  16. config_parser.h
  17. config_parser_unittest.cc
  18. CPPLINT.cfg
  19. DIR_METADATA
  20. dump_constants.cc
  21. elfparse.c
  22. elfparse.h
  23. gen_constants-inl.h
  24. gen_constants.c
  25. gen_constants.sh
  26. gen_syscalls-inl.h
  27. gen_syscalls.c
  28. gen_syscalls.sh
  29. get_googletest.sh
  30. HACKING.md
  31. landlock.h
  32. landlock_util.c
  33. landlock_util.h
  34. libconstants.h
  35. libminijail-private.h
  36. libminijail.c
  37. libminijail.h
  38. libminijail.pc.in
  39. libminijail_unittest.cc
  40. libminijailpreload.c
  41. libsyscalls.h
  42. LICENSE
  43. Makefile
  44. METADATA
  45. minijail0.1
  46. minijail0.5
  47. minijail0.c
  48. minijail0.sh
  49. minijail0_cli.c
  50. minijail0_cli.h
  51. minijail0_cli_unittest.cc
  52. MODULE_LICENSE_BSD
  53. navbar.md
  54. NOTICE
  55. OWNERS
  56. OWNERS_GENERAL
  57. parse_seccomp_policy.cc
  58. platform2_preinstall.sh
  59. PRESUBMIT.cfg
  60. PREUPLOAD.cfg
  61. README.md
  62. RELEASE.md
  63. scoped_minijail.h
  64. setup.py
  65. signal_handler.c
  66. signal_handler.h
  67. syscall_filter.c
  68. syscall_filter.h
  69. syscall_filter_unittest.cc
  70. syscall_filter_unittest_macros.h
  71. syscall_wrapper.c
  72. syscall_wrapper.h
  73. system.c
  74. system.h
  75. system_unittest.cc
  76. TEST_MAPPING
  77. test_util.cc
  78. test_util.h
  79. testrunner.cc
  80. unittest_util.h
  81. util.c
  82. util.h
  83. util_unittest.cc
README.md

Minijail

The Minijail homepage is https://google.github.io/minijail/.

The main source repo is https://chromium.googlesource.com/chromiumos/platform/minijail.

There might be other copies floating around, but this is the official one!

What is it?

Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.

Getting the code

You're one git clone away from happiness.

$ git clone https://chromium.googlesource.com/chromiumos/platform/minijail
$ cd minijail

Releases are tagged as linux-vXX: https://chromium.googlesource.com/chromiumos/platform/minijail/+refs

Building

See the HACKING.md document for more details.

Release process

See the RELEASE.md document for more details.

Additional tools

See the tools/README.md document for more details.

Contact

We've got a couple of contact points.

Talks and presentations

The following talk serves as a good introduction to Minijail and how it can be used.

Video, slides.

Example usage

The ChromiumOS project has a comprehensive sandboxing document that is largely based on Minijail.

After you play with the simple examples below, you should check that out.

Change root to any user

# id
uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
# minijail0 -u jorgelo -g 5000 /usr/bin/id
uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)

Drop root while keeping some capabilities

# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
Name: cat
...
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000

Historical notes

Q. “Why is it called minijail0?”

A. It is minijail0 because it was a rewrite of an earlier program named minijail, which was considerably less mini, and in particular had a dependency on libchrome (the ChromeOS packaged version of Chromium's //base). We needed a new name to not collide with the deprecated one.

We didn‘t want to call it minijail2 or something that would make people start using it before we were ready, and it was also concretely less since it dropped libbase, etc. Technically, we needed to be able to fork/preload with minimal extra syscall noise which was too hard with libbase at the time (onexit handlers, etc that called syscalls we didn’t want to allow). Also, Elly made a strong case that C would be the right choice for this for linking and ease of controlled surprise system call use.

https://crrev.com/c/4585/ added the original implementation.

Source: Conversations with original authors, ellyjones@ and wad@.