diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 64 |
1 files changed, 8 insertions, 56 deletions
@@ -4,7 +4,7 @@ The Minijail homepage is https://google.github.io/minijail/. The main source repo is -https://android.googlesource.com/platform/external/minijail/. +https://chromium.googlesource.com/chromiumos/platform/minijail. There might be other copies floating around, but this is the official one! @@ -12,7 +12,7 @@ There might be other copies floating around, but this is the official one! ## What is it? -Minijail is a sandboxing and containment tool used in Chrome OS and Android. +Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself. @@ -21,12 +21,12 @@ and a library that can be used by code to sandbox itself. You're one `git clone` away from happiness. ``` -$ git clone https://android.googlesource.com/platform/external/minijail +$ git clone https://chromium.googlesource.com/chromiumos/platform/minijail $ cd minijail ``` Releases are tagged as `linux-vXX`: -https://android.googlesource.com/platform/external/minijail/+refs +https://chromium.googlesource.com/chromiumos/platform/minijail/+refs ## Building @@ -49,14 +49,14 @@ We've got a couple of contact points. * [minijail-dev@google.com]: Internal Google developer mailing list. * [crbug.com/list]: Existing bug reports & feature requests. * [crbug.com/new]: File new bug reports & feature requests. -* [AOSP Gerrit]: Code reviews. +* [Chromium Gerrit]: Code reviews. [minijail@chromium.org]: https://groups.google.com/a/chromium.org/forum/#!forum/minijail [minijail-users@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-users [minijail-dev@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-dev [crbug.com/list]: https://crbug.com/?q=component:OS>Systems>Minijail [crbug.com/new]: https://bugs.chromium.org/p/chromium/issues/entry?components=OS>Systems>Minijail -[AOSP Gerrit]: https://android-review.googlesource.com/q/project:platform/external/minijail +[Chromium Gerrit]: https://chromium-review.googlesource.com/q/project:chromiumos/platform/minijail ## Talks and presentations @@ -67,7 +67,7 @@ The following talk serves as a good introduction to Minijail and how it can be u ## Example usage -The Chromium OS project has a comprehensive +The ChromiumOS project has a comprehensive [sandboxing](https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md) document that is largely based on Minijail. @@ -100,7 +100,7 @@ Q. "Why is it called minijail0?" A. It is minijail0 because it was a rewrite of an earlier program named minijail, which was considerably less mini, and in particular had a dependency -on libchrome (the Chrome OS packaged version of Chromium's //base). We needed a +on libchrome (the ChromeOS packaged version of Chromium's //base). We needed a new name to not collide with the deprecated one. We didn't want to call it minijail2 or something that would make people @@ -114,51 +114,3 @@ controlled surprise system call use. https://crrev.com/c/4585/ added the original implementation. Source: Conversations with original authors, ellyjones@ and wad@. - -## How to manually upgrade Minijail on Chrome OS - -Minijail is manually upgraded on Chrome OS so that there is a way to test -changes in the Chrome OS commit queue. Committed changes have already passed -Android's presubmit checks, but the ebuild upgrade CL goes through the Chrome -OS commit queue and must pass the tests before any additional changes are -available for use on Chrome OS. To upgrade minijail on Chrome OS, complete the -following steps. - -```bash -# Sync Minijail repo -cd ~/chromiumos/src/aosp/external/minijail -git checkout m/main -repo sync . - -# Set up local branch. -cd ~/trunk/src/third_party/chromiumos-overlay/ -repo start minijail . # replace minijail with the local branch name you want. - -# Run upgrade script. -~/trunk/chromite/scripts/cros_uprev --force --overlay-type public \ - --packages chromeos-base/minijail:dev-rust/minijail-sys:dev-rust/minijail -``` - -At this point the Minijail-related packages should be upgraded, so you may want -to add the changes to a commit and do some local testing before uploading a -change list. Here are the recommended local tests to try (make sure you are -**not** working on the minijail packages first i.e. `cros_workon list-all`): - -```bash -# Check build. -./build_packages --board=${BOARD} - -# Check unit tests. -FEATURES=test emerge-${BOARD} chromeos-base/minijail dev-rust/minijail-sys \ - dev-rust/minijail - -# Check integration tests. -cros deploy <DUT> chromeos-base/minijail -tast run <DUT> security.Minijail.* security.MinijailSeccomp -``` - -Finally, when uploading the CL make sure to include the list of changes -since the last uprev. The command to generate the list is as follows: -```bash -git log --oneline --no-merges <previous hash in ebuild file>..HEAD -``` |