commit 0412dcc954b5b23fcf7e4a145de7d74a8943fc4d
author Dylan Reid <dgreid@chromium.org> Thu Aug 24 11:33:15 2017 -0700
committer Treehugger Robot <treehugger-gerrit@google.com> Wed Sep 27 19:12:28 2017 +0000
tree 6d7388d15611429fefaaf1f76ae7597f05be81da
parent 0956086b299a7f206854bbaff0ec58810c60d055

Add minijail_fork

Provide a method to fork and jail a child process. This is useful for
users that would normally call fork followed by minijail_enter in the
child. However this allows for user and pid namespaces to be set up by
the clone call in minijail_run_internal.

Change-Id: Ib7dc11e7c783eda93b899ef4b782846061d113d4
Signed-off-by: Dylan Reid <dgreid@chromium.org>

libminijail_unittest.cc

diff --git a/libminijail_unittest.cc b/libminijail_unittest.cc
index d07ee4a..3ee0ab9 100644
--- a/libminijail_unittest.cc
+++ b/libminijail_unittest.cc
@@ -21,6 +21,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
+#include <unistd.h>
 
 #include <gtest/gtest.h>
 
@@ -273,6 +274,34 @@
   close(dev_null);
 }
 
+TEST(Test, test_minijail_fork) {
+  pid_t mj_fork_ret;
+  int status;
+  int pipe_fds[2];
+  ssize_t pid_size = sizeof(mj_fork_ret);
+
+  struct minijail *j = minijail_new();
+
+  ASSERT_EQ(pipe(pipe_fds), 0);
+
+  mj_fork_ret = minijail_fork(j);
+  ASSERT_GE(mj_fork_ret, 0);
+  if (mj_fork_ret == 0) {
+    pid_t pid_in_parent;
+    // Wait for the parent to tell us the pid in the parent namespace.
+    EXPECT_EQ(read(pipe_fds[0], &pid_in_parent, pid_size), pid_size);
+    EXPECT_EQ(pid_in_parent, getpid());
+    exit(0);
+  }
+
+  EXPECT_EQ(write(pipe_fds[1], &mj_fork_ret, pid_size), pid_size);
+  waitpid(mj_fork_ret, &status, 0);
+  ASSERT_TRUE(WIFEXITED(status));
+  EXPECT_EQ(WEXITSTATUS(status), 0);
+
+  minijail_destroy(j);
+}
+
 static int early_exit(void* payload) {
   exit(static_cast<int>(reinterpret_cast<intptr_t>(payload)));
 }