Add minijail_fork

Provide a method to fork and jail a child process. This is useful for
users that would normally call fork followed by minijail_enter in the
child. However, this allows for user and pid namespaces to be set up by
the clone call in minijail_run_internal.

Change-Id: Ib7dc11e7c783eda93b899ef4b782846061d113d4
Signed-off-by: Dylan Reid <dgreid@chromium.org>
diff --git a/libminijail.h b/libminijail.h
index f1cb346..3903fd2 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -263,8 +263,9 @@
 void minijail_enter(const struct minijail *j);
 
 /*
- * Run the specified command in the given minijail, execve(2)-style. This is
- * required if minijail_namespace_pids() was used.
+ * Run the specified command in the given minijail, execve(2)-style.
+ * If minijail_namespace_pids() or minijail_namespace_user() are used,
+ * this or minijail_fork() is required instead of minijail_enter().
  */
 int minijail_run(struct minijail *j, const char *filename,
 		 char *const argv[]);
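Review bot: The reworded comment on minijail_run() names only "this or minijail_fork()" as the alternatives to minijail_enter(), while the new minijail_fork() comment in the next hunk says "this or minijail_run*()". Callers of the other run variants will read this one as excluding them, so use the same wording in both places, for example "one of minijail_run*() or minijail_fork() is required instead of minijail_enter()". The constraint is also only stated on the functions that satisfy it. Since the failure mode is a process that believes it is in a pid or user namespace when it is not, it is worth repeating the restriction in the comment above minijail_enter() itself, which is not part of this hunk.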
@@ -322,6 +323,17 @@
 				      int *pstderr_fd);
 
 /*
+ * Fork, jail the child, and return. This behaves similar to fork(2), except it
+ * puts the child process in a jail before returning.
+ * `minijail_fork` returns in both the parent and the child. The pid of the
+ * child is returned to the parent. Zero is returned in the child. LD_PRELOAD
+ * is not supported.
+ * If minijail_namespace_pids() or minijail_namespace_user() are used,
+ * this or minijail_run*() is required instead of minijail_enter().
+ */
+pid_t minijail_fork(struct minijail *j);
+
+/*
  * Kill the specified minijail. The minijail must have been created with pid
  * namespacing; if it was, all processes inside it are atomically killed.
  */
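Review bot: The minijail_fork() comment does not document the failure path, which is the part a caller most needs for a jailing primitive. It says the pid is returned to the parent and zero to the child, but not what the parent sees when the fork or clone fails (fork(2) returns -1 and sets errno; say whether this follows that or returns a negative errno), and not what happens in the child if jailing fails after the fork. Please state explicitly that the function never returns 0 in a child that is not fully jailed, or describe what it does instead, so callers do not need their own check. "LD_PRELOAD is not supported" should also say what that means in practice: whether the call fails or the preload-dependent settings in the minijail are silently skipped. Minor: "behaves similar to fork(2)" should read "behaves similarly to fork(2)".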