libminijail: add marshalling and scrubbing functions
In order to support arbitrary divisions of labor between minijail_run
and minijail_enter, we need to support serializing the entire minijail
for sharing with the LD_PRELOADed library in a child process. Instead
of continuing with one-off marshalling, this unify the marshalling code
(as fragile as it is).
In addition, scrubbing features that only apply in the parent or the
child around marshalling and unmarshalling are split out to separate the
logic.
One change did sneak in to support marshalling which was copying/freeing
j->user. I can split this out as a precursor patch if needed.
The next change in the series converts the existing code over and moves it
to communicate over a file descriptor.
BUG=chromium-os:19459
TEST=gmerged and ran minijail0. Internal only changes.
Change-Id: Ib4c157d1d4d4edf6910793ea04880399e539285b
Reviewed-on: http://gerrit.chromium.org/gerrit/7891
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
diff --git a/libminijail.h b/libminijail.h
index 6d36b85..4cd7d48 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -37,9 +37,9 @@
* explanations in detail of what the restrictions do. */
void minijail_change_uid(struct minijail *j, uid_t uid);
void minijail_change_gid(struct minijail *j, gid_t gid);
-/* 'user' should be kept valid until minijail_destroy() */
+/* Stores user to change to and copies |user| for internal consistency. */
int minijail_change_user(struct minijail *j, const char *user);
-/* 'group' should be kept valid until minijail_destroy() */
+/* Does not take ownership of |group|. */
int minijail_change_group(struct minijail *j, const char *group);
void minijail_use_seccomp(struct minijail *j);
void minijail_use_seccomp_filter(struct minijail *j);