libminijail,minijail0: add seccomp filter support
This change adds support for installing seccomp filters via libminijail
or by using minijail0 with an arch-specific filters file.
Support for LD_PRELOAD marshalling is still missing and will come in a new change.
BUG=chromium-os:19459
TEST=minijail0 -r -S dash-cat.policy -u chronos -- /bin/dash -c '/bin/cat /proc/self/seccomp_filter'
dash-cat.policy can be found in the bug.
built for arm-generic, tegra2_seaboard, and x86-alex. Tested on x86-alex as above and with -H.
Change-Id: I3cac97d1df62f70cd546763aeca8f52dd0aea09d
Reviewed-on: http://gerrit.chromium.org/gerrit/7773
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
8 files changed