crosvm: add a feature to disable sandbox by default

Add a build-time feature that allows having plugin and other parts of
crosvm to run outside of jailed environment. This is strictly a
development time feature and is not expected to be activated with
shipping code.

Sandbox can still be activated by passing -u (--multiprocess) option.

BUG=None
TEST=cargo test --feature=default-no-sandbox

Change-Id: If9ef1ce8ed0b5d23cef3ad193679baca94413360
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1054194
Reviewed-by: Zach Reizner <zachr@chromium.org>
This commit is contained in:
Dmitry Torokhov 2018-05-10 10:25:58 -07:00 committed by chrome-bot
parent 0ac9254f9a
commit 5e05a8331d
2 changed files with 2 additions and 1 deletions

View file

@ -11,6 +11,7 @@ panic = 'abort'
[features]
plugin = ["plugin_proto", "crosvm_plugin", "protobuf"]
default-no-sandbox = []
[dependencies]
arch = { path = "arch" }

View file

@ -92,7 +92,7 @@ impl Default for Config {
vhost_net: false,
wayland_socket_path: None,
socket_path: None,
multiprocess: true,
multiprocess: !cfg!(feature = "default-no-sandbox"),
seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR),
cid: None,
plugin: None,