Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / dalvik / 9907ca3cb8982063a846426ad3bdf3f90e3b87c2
commit9907ca3cb8982063a846426ad3bdf3f90e3b87c2[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Feb 27 15:39:41 2013 -0800
committerNick Kralevich <nnk@google.com>Thu Feb 28 13:14:48 2013 -0800
tree8ce9773345921d01b417db985961a82d49ab4ff1
parent64d4c47f1869c5f655f9a1bbdc57ad977b76f817 [diff]
Zygote: remount /system nosuid/nodev

Android no longer has any setuid / setgid programs accessible
to zygote. Make sure /system is remounted nosuid and nodev
for zygote spawned processes.

We use mount namespaces to make sure these changes are
only visible to zygote spawned processes. We continue to need
/system mounted with suid to support /system/bin/run-as.
See also: b/8253345

Change-Id: Ib58a8d56b42e4b022b6b4e51932f0a415298c920
1 file changed
tree: 8ce9773345921d01b417db985961a82d49ab4ff1
  1. dalvikvm/
  2. dexdump/
  3. dexgen/
  4. dexlist/
  5. dexopt/
  6. docs/
  7. dx/
  8. hit/
  9. libdex/
  10. opcode-gen/
  11. tests/
  12. tools/
  13. unit-tests/
  14. vm/
  15. Android.mk
  16. CleanSpec.mk
  17. MODULE_LICENSE_APACHE2
  18. NOTICE
  19. README.txt