Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / 4cbc2a522e1bc88424905bee32199af1c0fdbd20
commit4cbc2a522e1bc88424905bee32199af1c0fdbd20[log] [tgz]
authorDylan Reid <dgreid@chromium.org>Fri Jun 17 19:06:07 2016 -0700
committerDylan Reid <dgreid@google.com>Tue Jun 28 09:15:08 2016 -0700
treee386a08b77b2bbb1fd1dea1b0c0f1674b9f28069
parentdf7fab1a0e0ca2c02ec366ba1f530bc8db7c8688 [diff]
Add ability to enter a cgroup namespace

The cgroup namespacing feature was recently added to the linux kernel.
Allow jailed processes to be placed in to a new cgroup namespace.  This
avoids leaking host info into the jailed process and allows for the
jailed process to use cgroups as it would if it was running outside of
any namespaces.  Android needs this so its cgroup setting CTS tests can
pass and it can distribute its cpu shares between background and
foreground apps.

CQ-DEPEND=CL:356201
BUG=b/29259708
TEST=minijail0 -m '0 1000 100' -M '0 1000 100' -N /bin/bash
  check that the cgroup namespace is different
  check that a newly mounted cgroup FS is rooted at the parent's cgroup

Change-Id: I3aead23ec8273eae90184337c040054becf4f12b
Signed-off-by: Dylan Reid <dgreid@chromium.org>
3 files changed
tree: e386a08b77b2bbb1fd1dea1b0c0f1674b9f28069
  1. examples/
  2. test/
  3. tools/
  4. .clang-format
  5. Android.mk
  6. arch.h
  7. bpf.c
  8. bpf.h
  9. common.mk
  10. CPPLINT.cfg
  11. elfparse.c
  12. elfparse.h
  13. gen_constants.sh
  14. gen_syscalls.sh
  15. libconstants.h
  16. libminijail-private.h
  17. libminijail.c
  18. libminijail.h
  19. libminijail.pc.in
  20. libminijail_unittest.c
  21. libminijailpreload.c
  22. libsyscalls.h
  23. Makefile
  24. minijail0.1
  25. minijail0.5
  26. minijail0.c
  27. MODULE_LICENSE_BSD
  28. NOTICE
  29. OWNERS
  30. platform2_preinstall.sh
  31. PRESUBMIT.cfg
  32. signal_handler.c
  33. signal_handler.h
  34. syscall_filter.c
  35. syscall_filter.h
  36. syscall_filter_unittest.c
  37. test_harness.h
  38. util.c
  39. util.h