io_jail: allow mounting minimal set of devices

This plumbs in minijail_mount_dev() to allow mounting a minimal set of
devices, such as full, zero, urandom, etc., in the jail.

BUG=b:117989168
TEST=cargo test -p io_jail

Change-Id: I072347a5eedab32d1fad6255c4e18e0242b9ac9f
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1447330
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Dmitry Torokhov 2019-01-30 22:58:05 -08:00 committed by chrome-bot
parent fccfc05f67
commit 5ede85c55f
2 changed files with 6 additions and 0 deletions


@ -442,6 +442,11 @@ impl Minijail {
}
Ok(())
}
pub fn mount_dev(&mut self) {
unsafe {
libminijail::minijail_mount_dev(self.jail);
}
}
pub fn mount_tmp(&mut self) {
unsafe {
libminijail::minijail_mount_tmp(self.jail);
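Review bot: The new public `mount_dev` has no doc comment, and its `unsafe` block does not say why the FFI call is sound. The wrapper returns nothing and passes only `self.jail` to `minijail_mount_dev`, so a caller cannot tell when the minimal /dev is set up or whether other jail options (presumably a mount namespace or pivot root) must be configured first. That matters because a jail that ended up with the host's device nodes would be weaker than the caller intended. I would add `/// Requests a minimal /dev (full, zero, urandom, etc.) inside the jail.` above the method, plus a line naming any prerequisite once confirmed against libminijail, and `// SAFETY: self.jail is the handle owned by this Minijail and is the only pointer passed.` inside the block if that invariant holds for every constructor. `mount_tmp` below is cut off by the hunk, and `impl Minijail` begins outside it.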


@ -56,6 +56,7 @@ extern "C" {
pub fn minijail_enter_pivot_root(j: *mut minijail, dir: *const c_char) -> c_int;
pub fn minijail_fork(j: *mut minijail) -> pid_t;
pub fn minijail_get_original_path(j: *mut minijail, chroot_path: *const c_char) -> *mut c_char;
pub fn minijail_mount_dev(j: *mut minijail);
pub fn minijail_mount_tmp(j: *mut minijail);
pub fn minijail_mount_tmp_size(j: *mut minijail, size: usize);
pub fn minijail_mount_with_data(