platform_external_minijail, branch brillo-m7-dev Unnamed repository; edit this file 'description' to name the repository. minijail: Allow static binaries in a bind mount to run 2015-10-29T17:00:10+00:00 Dylan Reid dgreid@chromium.org 2015-10-23T04:05:29+00:00 a14e08dad428aaa934687e3636a84ca7a9711de2 A previous commit placed a restriction on running static binaries and using bind mounts. Remove that restriction by checking if the binary path is in a bind mount and rebasing the path on to the bind mount source path so that the executable can be accessed from outside the chroot. This is needed so bind mounts can be specified when running a statically linked init program for Android. BUG=b/25192613 TEST=security_Minijail0, run a static init with bind mounts. Change-Id: I801909df67c1bf18d48efcfd54c11aafe4c75e54 Signed-off-by: Dylan Reid <dgreid@google.com> 
A previous commit placed a restriction on running static binaries and
using bind mounts.  Remove that restriction by checking if the binary
path is in a bind mount and rebasing the path on to the bind mount
source path so that the executable can be accessed from outside the
chroot.  This is needed so bind mounts can be specified when running a
statically linked init program for Android.

BUG=b/25192613
TEST=security_Minijail0, run a static init with bind mounts.

Change-Id: I801909df67c1bf18d48efcfd54c11aafe4c75e54
Signed-off-by: Dylan Reid <dgreid@google.com>
Add syscall filtering unit tests. 2015-10-28T20:26:32+00:00 Jorge Lucangeli Obes jorgelo@google.com 2015-10-28T20:26:32+00:00 d6aedee6f0cdc53ad11af4f297297803bf95c96f Bug: 25130591 Change-Id: I3cef5150cb0a192322197f0a8ff550d158e032ad 
Bug: 25130591
Change-Id: I3cef5150cb0a192322197f0a8ff550d158e032ad
Add Minijail unit tests. 2015-10-28T18:45:31+00:00 Jorge Lucangeli Obes jorgelo@google.com 2015-10-28T17:41:39+00:00 c37681ddf90209e4ca4741f25843dc11257e2030 Bug: 25130591 Change-Id: Idff6ab35486db3c07c9805253cb61405dafb4a76 
Bug: 25130591

Change-Id: Idff6ab35486db3c07c9805253cb61405dafb4a76
Remove warning suppressions. 2015-10-27T18:42:31+00:00 Jorge Lucangeli Obes jorgelo@google.com 2015-10-27T18:39:59+00:00 2034274edb55cf3717ca7fa49f614e69b0dc59c6 Bug: None Change-Id: Ie0a2a3f5c5817b3db3e8613da1ef4d1cc3505048 
Bug: None
Change-Id: Ie0a2a3f5c5817b3db3e8613da1ef4d1cc3505048
minijail: Support entering an existing net namespace. 2015-10-21T21:31:27+00:00 Dylan Reid dgreid@chromium.org 2015-09-15T18:52:20+00:00 1102f5a58d539ed72defe40fcc1078840d1b3778 When launching a full OS as the jailed process, it is useful to first be able to configure a network namespace and start the new process in that namespace. This adds the "-e<net namespace file>" optional argument to -e. It allows, for example, passing "-e/var/run/netns/newns" to minijail0. Change-Id: I0613162072a1d14f10c58444c514f6d052c3d1e5 Signed-off-by: Dylan Reid <dgreid@chromium.org> 
When launching a full OS as the jailed process, it is useful to first be
able to configure a network namespace and start the new process in that
namespace.

This adds the "-e<net namespace file>" optional argument to -e.  It
allows, for example, passing "-e/var/run/netns/newns" to minijail0.

Change-Id: I0613162072a1d14f10c58444c514f6d052c3d1e5
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Merge "minijail: add no-preload run_pid_pipes unittest" 2015-10-20T23:33:45+00:00 Samuel Tan samueltan@google.com 2015-10-20T23:33:45+00:00 bfcafa7167266ed0dd8ef66f0cb28b0600aaeab5 






Merge changes I6d73bcad,I41775eb1,I53342db7,Id8046a4f
2015-10-19T21:16:02+00:00

Mike Frysinger
vapier@google.com

2015-10-19T21:16:02+00:00

2fa7cb5366ca0cc45a9b82f8abedc42aad1bae32

* changes:
  gen_constants: rewrite sed to be a bit more readable
  gen_constants: combine sort|uniq
  gen_constants: simplify grep by using ERE by default
  gen_{constants,syscalls}: fix sed/grep locale issues





* changes:
  gen_constants: rewrite sed to be a bit more readable
  gen_constants: combine sort|uniq
  gen_constants: simplify grep by using ERE by default
  gen_{constants,syscalls}: fix sed/grep locale issues







minijail: add no-preload run_pid_pipes unittest
2015-10-19T18:23:29+00:00

Samuel Tan
samueltan@google.com

2015-10-19T18:21:11+00:00

fa289da1a1c62d2cf45c5a4b56a573cdc2e30ca0

Restore the run_pid_pipes unittest with the non-preload
version of the function to avoid issues with Android.

BUG: 24577038
Change-Id: I3b39f9d874b0f0a831c35ed325595c483246c3fe
TEST: 'FEATURES=test emerge-samus chromeos-minijail' on ChromeOS.





Restore the run_pid_pipes unittest with the non-preload
version of the function to avoid issues with Android.

BUG: 24577038
Change-Id: I3b39f9d874b0f0a831c35ed325595c483246c3fe
TEST: 'FEATURES=test emerge-samus chromeos-minijail' on ChromeOS.







Merge "minijail: remove minijail_run_pid_pipe()"
2015-10-19T18:09:08+00:00

Samuel Tan
samueltan@google.com

2015-10-19T18:09:08+00:00

360f3293dd53ed8ff4ded07587fb33002bc2b235












Merge "minijail: add minijail_run_pid_pipes_no_preload() API function"
2015-10-19T18:08:55+00:00

Samuel Tan
samueltan@google.com

2015-10-19T18:08:55+00:00

383e91a4ac0c12d469538b4ab294e3f215f113f0