| Age | Commit message (Collapse) | Author |
|---|
|
am: 8c3febd20f
* commit '8c3febd20f0cef00a5049f6962666b6c62093aa9':
Fix #ifdef statement.
Change-Id: I3c31733ab3b14fd3093e56504de970e88b63fa46
|
|
am: abb93141f0
* commit 'abb93141f0255a624bda29e4842611f8bc120df8':
Skip setting seccomp filter when running with ASan.
Change-Id: Ib3ba92897d4229ae09f9cb9c87e2b57b5f090f9e
|
|
Previous version did not compile with GCC.
Bug: 27980137
(cherry picked from commit 9e35c09854e55973731f80dd7cc41b80c20eec42)
Change-Id: Ibbad230f6651c51df62905799c5d4fad839919b3
|
|
Also add an example build target for an ASan-ified libminijail (useful
for debugging).
Bug: 28052772
Bug: 27980137
(cherry picked from commit 2413f3713ae8a306a23550e2eecd59f380f34eae)
Change-Id: I0b07b17934221a7ff4bd0b58641e4e7afb225aa6
|
|
am: 0e3fe532a9
* commit '0e3fe532a9fdf42bed41e371939134af38dd53b5':
Add check for supplementary groups.
|
|
This binary will be used by a new Brillo Autotest test.
Also tie the return value of the binary to the result of the checks =).
Bug: 25368607
Change-Id: Ia338cb8270916cafdbbfbbb8808b88759906327f
|
|
am: 3c8375cdf3
* commit '3c8375cdf37104998ded0edc5ed072ab3b07c00d':
Unit tests: Compile only on 'eng' builds.
|
|
Bug: 26967770
Change-Id: I93e6a108803a62383c2e1b71879196e2b47c38ba
|
|
am: a0aa041dff
* commit 'a0aa041dff6fb71c7ac7bd08b805087ad6026e37':
call abort() on sigsys
|
|
|
|
am: ac9e342ef7
* commit 'ac9e342ef745e9057edc4e1b02a52d8943ea608a':
Add libminijail test executable.
|
|
Tells debuggerd to attach to the process and send crash data
to logcat.
Bug: 26580739
Change-Id: I9df09f044e56cf250963d4e4cf5959642fe2ee2f
|
|
This is useful to test basic Minijail functionality and will be used by
future Autotest tests. The code is currently very similar to
'drop_privs.cpp', but I expect that to change in the future.
Bug: 25368607
Change-Id: I4db3359b07c3b37fa4ac9e24598a5d21623383d5
|
|
am: d569b1e6c8
* commit 'd569b1e6c811ddd39fcb46a74f386ae63af650de':
Don't die() on bind mounts.
|
|
|
|
By the time we get to the removed lines, |mounts_head| will be valid
in the parent (Minijail) process, but |flags.chroot| and
|flags.pivot_root| will have been cleared by minijail_preexec().
The removed lines were then incorrectly aborting the process too early.
The flags *will* be set in the minijail struct used by the
child (jailed) process, so the bind mounts will happen correctly.
A follow-up CL will make sure |mounts_head| is never valid when
both flags are cleared, so that we can correctly check for this.
While in there, fix a comment and an info() message.
security_Minijail0 now passes.
Bug: 25368607
Change-Id: I5ac85ee62560ba8957bdab3fc84689ed06d106f0
|
|
am: 7c6899c198
* commit '7c6899c198c3a3c68268243a2f46050d13bf622f':
Fix build in x86_64.
|
|
The recently added #elif should be an #else.
Bug: None
TEST=emerge-link chromeos-minijail
Change-Id: I5fcbaa4e51c6cf111a61fb33b7a90c9aa37398ca
|
|
am: e7a5908f52
* commit 'e7a5908f5200e84259686fba8dc82fec9ac8f4f7':
Compile 'minijail0' on Brillo/Android.
|
|
am: 2b12ba4904
* commit '2b12ba490431f312099163c476d30fb39e9428d7':
Print an error when attempting to use bind mounts without chroot.
|
|
|
|
Bind mounts should be used with chroot or pivot_root. Print an error
and exit when that's not the case.
Clean up some comments and error messages while in there.
Bug: 26784268
Change-Id: I4e384a989e1aef5b2989c4f17e047a9ac7cadbc8
|
|
We're not currently using the 'minijail0' executable on Brillo or
Android, but given that upstream Minijail is in AOSP, it's useful to
be able to build all Minijail targets in a Brillo or Android checkout.
Make it an "optional" target so that it doesn't get included on regular
builds.
This requires fixing one case of assigning 'const char*' to 'char*',
setting an invalid PRELOADPATH variable, and disabling
'missing-field-initializers' warnings.
Bug: 26798535
Change-Id: I1fe61f5ac2687d3a185d971a699fa4237a4b6a10
|
|
am: b8a5138a45
* commit 'b8a5138a451e183debbce56f3fa031e1880ff901':
Add 'cgroups' flag.
|
|
Cgroups ended up being the only feature that doesn't have a flag.
Fix that, and fix some comments while we're there.
Bug: 26782393
Change-Id: I83e56b6d7fb4a5668ffecc2b597902ee663fdab6
|
|
am: b98ad29bc0
* commit 'b98ad29bc07149cc8ffa29b986c7bc4339c9ad82':
Add syscall logging support for x86_64 architectures on Android.
|
|
Bug: 26776934
Change-Id: I54d62bb74e4359beca4852484a77a3a007f17c42
|
|
am: be351a294d
* commit 'be351a294d36bd90f8bd4d887a7ad323d6441a67':
Don't fail on invalid syscalls.
|
|
When putting together a new policy, it's useful to get a list
of all the invalid syscalls. Don't fail on invalid syscalls if
the user requested logging failures.
Bug: None
Change-Id: Ib2d9bbb3e41a1eeb44a41fd2ab32b50ab4efcddf
|
|
am: 605ce7f5cc
* commit '605ce7f5ccda3597305f7ca8e21ba16e254cf96c':
Add ability to put jailed process in cgroups
|
|
This adds an API that allows the jailed process to be added to a given
cgroup. This API can be called repeatedly to add the process to many
cgroups. The process will be added after fork but before it is exec'd.
BUG=b/26549867
TEST=set cgroups and inspect that pid is in tasks file
Change-Id: I87a9897c1dc741c726873e872eeae32692088979
Signed-off-by: Dylan Reid <dgreid@chromium.org>
|
|
am: ce5b55eb48
* commit 'ce5b55eb48f276951b6c4d1bbfc667240c1e8f2f':
Separate child process sync from user namespace
|
|
Syncing the child and parent was only done so that the uid/gid maps
could be setup. Make this more general so that the next commit can add setting
of cgroups which also wants to happen after the child forks but before the
jailed process is run similar top uid/gid map setting.
BUG=b/26549867
TEST=security_Minijail0
Change-Id: I81d512f351cfe459cd7af4c55263504d22b929fa
Signed-off-by: Dylan Reid <dgreid@chromium.org>
|
|
Android/Brillo have 'linux/securebits.h' available.
Bug: None
Change-Id: I43ac60aa1cdafd7ff6d4579b335519e512c08f77
|
|
am: 33b967df36 -s ours
* commit '33b967df36fe2b3997ead2c139efb4775946a612':
Set HAVE_SECUREBITS_H define.
|
|
am: c4b0fdc4bf
* commit 'c4b0fdc4bf008115c9d7a2589de38ed007ca8138':
Make is_android static
|
|
Android/Brillo have 'linux/securebits.h' available.
Bug: None
Change-Id: I43ac60aa1cdafd7ff6d4579b335519e512c08f77
|
|
util.h gets included from more than one place on Chrome OS builds.
Change-Id: I021235738115782fc2966d51fe356364953db169
Signed-off-by: Dylan Reid <dgreid@chromium.org>
|
|
am: 272e3ab72d
* commit '272e3ab72da543c3ed3cb1cf312e45796b149d19':
Fix Minijail build.
|
|
am: c31391e80a
* commit 'c31391e80af7fbdb7fe06ac9bb99a85cb7542be0':
softfail on older kernels that lack seccomp support
|
|
Remove 'static' qualifier from helper functions to fix the build.
Bug: None
Change-Id: I03cf18a415961ee6a32f05262b2925f6e5a8a8e5
|
|
|
|
Attempt to set up a seccomp filter. If seccomp not supported
on an Android device and kernel version < 3.8 fail softly
i.e. allow process to run without seccomp protections.
Bug: 26435980
Change-Id: Ied6ac053908b6b0b81ba822621b1969bdedce4af
|
|
am: 0e08026203
* commit '0e080262030f07821eb2c66377eec0ab1e3ef1a5':
Make set_supplementary_gids return 'void'.
|
|
|
|
am: 4c0e630787
* commit '4c0e6307875b9d278cf5e94baa3217ce1ce9dadf':
Fix libminijail static build.
|
|
|
|
After https://android-review.googlesource.com/#/c/195351 lands,
no callers expect this function to return a result. Change the
signature to avoid errors.
Bug: 26099611
Change-Id: Id9c80350a0ce1f80ce5b5691117e68e37dd6c10e
|
|
am: fd5fc562f3
* commit 'fd5fc562f3c609d13b80b6b93c381a3ba8dc92b0':
Make set_supplementary_gids abort on memory errors.
|
|
Using LOCAL_WHOLE_STATIC_LIBRARIES prevents targets including a static
libminijail from having to also include its dependencies.
Bug: 26099611
Change-Id: I7f569b9228a5a3a66f7a36ade8e9584ad5b7d8c0
|
