Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / 5471450610e34f115c4816d5e0e0f4da02def802^! / . / libminijail.h
commit5471450610e34f115c4816d5e0e0f4da02def802[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@google.com>Wed Sep 30 10:08:45 2015 -0700
committerSamuel Tan <samueltan@google.com>Mon Oct 05 16:40:32 2015 -0700
tree63314f6dabecb891bc6de57f5f00d7ef894b536c
parent791f577a32e80c819c01c1866c355aa74e833462 [diff] [blame]
minijail: Refactor dynamic and static code paths.

This CL uses the same code path for both dynamic and static binaries.
This way we avoid duplicating code, or forgetting to add functionality
to either of the paths.

BUG=chromium:537667
TEST=security_Minijail0 passes.

Change-Id: Ia484180a041dad3c302c3c8ce8bfd5b41d758ccb
Reviewed-on: https://chromium-review.googlesource.com/303380
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

diff --git a/libminijail.h b/libminijail.h
index 8b2ae0c..07f0762 100644
--- a/libminijail.h
+++ b/libminijail.h

@@ -51,7 +51,7 @@
 void minijail_namespace_vfs(struct minijail *j);
 void minijail_namespace_enter_vfs(struct minijail *j, const char *ns_path);
 void minijail_namespace_net(struct minijail *j);
-/* Implies namespace_vfs and remount_readonly.
+/* Implies namespace_vfs and remount_proc_readonly.
  * WARNING: this is NOT THREAD SAFE. See the block comment in </libminijail.c>.
  */
 void minijail_namespace_pids(struct minijail *j);
@@ -103,32 +103,32 @@
  */
 void minijail_enter(const struct minijail *j);
 
-/* Run the specified command in the given minijail, execve(3)-style. This is
+/* Run the specified command in the given minijail, execve(2)-style. This is
  * required if minijail_namespace_pids() was used.
  */
 int minijail_run(struct minijail *j, const char *filename,
 		 char *const argv[]);
 
-/* Run the specified command in the given minijail, execve(3)-style.
- * Used with static binaries.
+/* Run the specified command in the given minijail, execve(2)-style.
+ * Used with static binaries, or on systems without support for LD_PRELOAD.
  */
-int minijail_run_static(struct minijail *j, const char *filename,
-			char *const argv[]);
+int minijail_run_no_preload(struct minijail *j, const char *filename,
+			    char *const argv[]);
 
-/* Run the specified command in the given minijail, execve(3)-style.
+/* Run the specified command in the given minijail, execve(2)-style.
  * Update |*pchild_pid| with the pid of the child.
  */
 int minijail_run_pid(struct minijail *j, const char *filename,
 		     char *const argv[], pid_t *pchild_pid);
 
-/* Run the specified command in the given minijail, execve(3)-style.
+/* Run the specified command in the given minijail, execve(2)-style.
  * Update |*pstdin_fd| with a fd that allows writing to the child's
  * standard input.
  */
 int minijail_run_pipe(struct minijail *j, const char *filename,
 		      char *const argv[], int *pstdin_fd);
 
-/* Run the specified command in the given minijail, execve(3)-style.
+/* Run the specified command in the given minijail, execve(2)-style.
  * Update |*pchild_pid| with the pid of the child.
  * Update |*pstdin_fd| with a fd that allows writing to the child's
  * standard input.
@@ -137,7 +137,7 @@
 			  char *const argv[], pid_t *pchild_pid,
 			  int *pstdin_fd);
 
-/* Run the specified command in the given minijail, execve(3)-style.
+/* Run the specified command in the given minijail, execve(2)-style.
  * Update |*pchild_pid| with the pid of the child.
  * Update |*pstdin_fd| with a fd that allows writing to the child's
  * standard input.