Commit graph

1 commit

Author: Dylan Reid
SHA1: d6c579fcef
Message:

io_jail: Add a wrapper around minijail

The io_jail is used to jail io processes run from crosvm. Under the hood
it mostly configures a minijail jail to run in.  The minijail
restrictions are applied when iojail::enter is called.  This closes
extra FDs and calls minijail_enter.

The minijail_run* functions are left out as we don't have a need to exec
foreign programs.  libminijail will be used to jail separate processes
spawned from the main crosvm process.

The ability to close all open file descriptors is added.  Minijail only
closes FDs after forking and before exec.

Change-Id: Ida7f52022c934e9e6edeb7b604cd6e6399860cb9
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/505100
Reviewed-by: Zach Reizner <zachr@chromium.org>

Date: 2017-05-25 12:25:27 -07:00