| Age | Commit message (Collapse) | Author |
|---|
|
This change enables building a host version of minijail0. This is
desirable to run some host tests.
Bug: 78307138
Test: m out/host/linux-x86/bin/minijail0 && \
out/host/linux-x86/bin/minijail0 -h
Change-Id: Iceb7f75d44c09dd8934ef3a9a70edb72ca94d3a4
Merged-Id: I7f29a8b04842fcd6a5054aebb54a97b3aa815124
(cherry picked from commit 413af658ee448c138830b3bc7eecb972f18fb6fc)
|
|
This commit marks libminijail as a VNDK library so that the vendor
variant can be installed into /system/lib[64]/vndk instead of
/vendor/lib[64].
This library was not a VNDK library in Android O because its Android.mk
hasn't been converted to Android.bp at the time. Thus, we were asking
vendors to use libminijail_vendor instead and omx implementation has to
use libavservice_minijail_vendor. Since Android.mk has been converted
to Android.bp, it would be great to mark this library as VNDK library so
that libminijail can be updated through system-only OTAs.
Bug: 63866913
Test: Build sailfish and libminijail.so should be installed into
/system/lib[64]/vndk/libminijail.so instead of
/vendor/lib[64]/libminijail.so.
Change-Id: Ia03d2ec7ae43f3a316815087fd192e0b8ab0456f
Merged-In: Ia03d2ec7ae43f3a316815087fd192e0b8ab0456f
(cherry picked from commit 9460f604ec32e8fc78d65ace02d025e249aa4b14)
|
|
am: ac62b6d73a
Change-Id: I8e6fea241c4dc75096be6ae521d3b190c01acc43
|
|
am: 3230c5fe3d
Change-Id: Ia46eebd346496b076837dfa56a78c43708f2044b
|
|
am: 785b1c3b30
Change-Id: I685c081249df29f3321fe28db5b1528b7b73658a
|
|
By default, minijail will mark all mounts as private. The -K flag
allows them to skip that step which will retain all existing mount
settings. We now have scenarios where we want to share some mount
points, so lets extend -K to accept the propagation mode. This lets
people use -Kslave and mark all the mount points as slaves.
Bug: chromium:813131
Test: `make check` and using -Kslave allows changes in the parent namespace
Change-Id: I571e402a383ecf60a6104f87ef97b76710a34d38
|
|
am: b2d99d4799
Change-Id: Ie5c7c7f08202a6f57a61261e5122419cf75517bb
|
|
am: 13fb44d0fe
Change-Id: I184e604c30702c49a024ab06c5982e62328833a2
|
|
am: 5fdba4ed28
Change-Id: I7253a2a7d0423d2156dcef9ddc9891feb6e8844d
|
|
Currently if you want to bind mount a single subdir, you have to make
sure to create the full parent directory chain. For example, if you
want /var/lib/timezone/ but not the rest of /var, you have to do:
-k none,/var,tmpfs
-k none,/var/lib,tmpfs
-b /var/lib/timezone/
For every additional subdir, you need to add another -k option just to
do an [effective] mkdir with a tmpfs mount.
The current -k/-b behavior is to run mkdir if the target doesn't already
exist, but only for the final target. Lets extend it to also create any
missing parent paths, so now only the base path needs to be writable:
-k none,/var,tmpfs
-b /var/lib/timezone/
Bug: None
Test: `minijail0 --profile minimalistic-mountns -k none,/var,tmpfs -b /var/lib/timezone /bin/date` works
Change-Id: I7f36bcb445ce40ed66a9403a4ee1c1fe3f9e5ea8
|
|
0d40743b67
am: 450c08b692
Change-Id: I8a6e71d6a703bddaccc36887c8a89fcd7da6d30b
|
|
am: 0d40743b67
Change-Id: I5c89f0d0a8c359d639540c6a104fd6da5dd9aa9c
|
|
am: 9741372f23
Change-Id: Ica3b6c63a09749bf7887b250cea0d42c65e5eb01
|
|
The GNU getopt API cannot handle being passed different argv vectors
by default. Changing optind back to 1 will trigger a reset of state,
but only relative to the previous argv getopt saw. Instead, optind
has to be set to 0 so all internal state is reset. This extension is
from GNU (glibc), but Android's bionic also supports it.
Otherwise, when we pass in a different argv, the internal state might
randomly refer to the old argv memory which in turn can lead to random
errors or memory violations.
Bug: None
Test: `./minijail0_cli_unittest --gtest_repeat=-1` no longer randomly crashes
Change-Id: I79276518bb51e297719049c7efa9824d6f97c7ab
|
|
e998c8fdc2
am: b94b51bf98
Change-Id: I2e0b5fee84c1bfde0c9c4da613830aa3c1ef8532
|
|
am: e998c8fdc2
Change-Id: I3f607bb6129e7802178bcc9e6094c52061a296de
|
|
am: 4f3e09f23a
Change-Id: I04e27c57cdf48cb4766d9bdb43244d096b4deefb
|
|
The recent fix for optional fields (fea05c6dcac6b69e9cc7ba03ee9c3d074)
broke passing in multiple mount options with the -k flag. Fix it and
add a unittest to prevent regression.
Bug: None
Test: `make check` passes
Test: `./minijail0 -v -k none,/tmp,tmpfs,0xe,uid=10,mode=0755 /bin/ls -al /tmp/` works again
Change-Id: Ia9fe9dec4a16654fc9a32414586a8c39d22692eb
|
|
am: 5c016c17a8
Change-Id: I7b2c5c93d58330db6f772cf85bee17018403bb69
|
|
am: d810e03405
Change-Id: I2c03052acfb9dd484a411877fca8a47cdd17672d
|
|
am: 7058a2debe
Change-Id: I52a3b9e7047597b6b5a0f17aa5ea8aed6a5b4ae2
|
|
This changes the type used to pass the value of the limit from uint32_t
to rlim_t, which makes it possible to pass in RLIM_INFINITY in 64-bit
environments.
Bug: None
Test: minijail_rlimit(j, RLIMIT_STACK, RLIM_INFINITY, RLIM_INFINITY);
Change-Id: I6bbf956974c7f28a2e0bb8ad3efb4d25c5675593
|
|
am: 0d14394e89
Change-Id: Iad6f8cf663a5fddc9fc42132f6ebed06251e4142
|
|
am: 79d80def4b
Change-Id: I9c7c6d9750f09229569d03ba0e22fffbcb972d5c
|
|
am: 4d2a81e578
Change-Id: I428504c39250fc76ed86647b450614dcdab25a77
|
|
Bug: None
Test: `make check` passes
Change-Id: I927a609453881e045e07013b7cca8594cc5e972c
|
|
am: f65e12c23d
Change-Id: I11d3c191fad8b352c97186015df7c6d226736cfb
|
|
am: 6c15e79b19
Change-Id: Ibc3a18fdda6d34765755eab2b2d5bb0ab9c09681
|
|
b51e0ca61e
am: 5e692e3d57
Change-Id: I35de0808c1a78ea2bb09ef50dd8d82d5400d5509
|
|
am: 0513e184ae
Change-Id: I2d48aba95aeb314956432aaef9e39f8163d78128
|
|
am: d7d5df3202
Change-Id: I19698089aab9302ccbfc992f605381a56781dcb1
|
|
The previous commit cleaned up the code that needed this.
Bug: None
Test: local android build passes
Change-Id: Ife454147acc0e5f80d539577df4d5400c169ef28
|
|
am: 1099596098
Change-Id: I1cefe023367ce0f855134da3501047b47541647f
|
|
am: b51e0ca61e
Change-Id: Ie0afca613f81922743083a8c0a99144712d1f85a
|
|
am: 8022e14021
Change-Id: Ic6501dad6610f047340727dda9f2aa15d9ba120b
|
|
am: 1ed75bc11e
Change-Id: Ia9618902b9980756dd381a5a28be0bf21ae2f152
|
|
Some of the android prebuilts use linux 3.2.14 which don't include the
seccomp syscall define. Add some fallbacks for the main arches we have
support for in android. The rest we'll force to update.
Bug: None
Test: build passes for host
Change-Id: I00bd3aeaed7df32cc28aee9ccd0172a1d0bd2a6c
|
|
These unit test binaries will be listed alongside many others from
Android. Prefix them to avoid confusion.
Bug: 72386870
Test: make, check host and target output.
Change-Id: I56779fa468c43924604d3dc97e4b8534b4888508
|
|
am: 11f2a4c978
Change-Id: I4295b7d10fb664bbfda5c03a8bcfd9a8c723772b
|
|
am: a21526d7bf
Change-Id: I8ac446458491b36ca7613a60d1b54745a92d7d7d
|
|
am: 06cacc9c74
Change-Id: I4906a96fb898d61c7c465fc99f8bf8bc3a67909e
|
|
This structure does not need to be initialized early since it is
filled completely before being used later on (by the fread). The
current builders are complaining about this initializer too since
they turned on -Wmissing-field-initializers.
Bug: None
Test: `make check` still works
Change-Id: Ia57356e8a2a23fdc7074661f73d10cf84d9a457f
|
|
am: d17e7e5bcb
Change-Id: I90c0864d72fc73937802362058f72465d3d10420
|
|
am: 270802826a
Change-Id: I975b7540787048b49b59560dddcb501f29ddca80
|
|
am: 5ef22ca404
Change-Id: I921435c86b25b289778cf134309e395fc618756e
|
|
This will let us unittest them easily. The only thing this CL has done
is move all the non-main funcs from minijail0.c to minijail0_cli.c.
Bug: None
Test: `make check` passes
Change-Id: I2be5cf2097d1f8d15270595f5200c872a0a551c4
|
|
am: b7cd86b9ce
Change-Id: I7af1c1844929ee6fad0704b1c27133ad11f3ccd6
|
|
am: 87dbedeba0
Change-Id: Idf38da18d1b20158839261275d9ddab45658b5a7
|
|
am: 37c8e3c55c
Change-Id: Iddebc9c1a3305204aa1a33bcc505158e9d5ceaa8
|
|
The elfparse header doesn't require most of these includes, so don't
pull them in where they'll pollute other users of the header. Instead
move all the headers elfparse.c needs to the source file itself.
Bug: None
Test: `make check` passes
Change-Id: I29377e900b42041f64f6229774ef7c872c74bce0
|
