minijail: Support pivot_root Add an option that allows user to use pivot_root(2) when one want to jail process in a chrooted environment. This implies entering a new mount namespace since pivot_root(2) will really move the root filesystem. BUG=chromium:517844 TEST=security_Minijail0 passes Change-Id: Ie990670703b00e333fa4abc3804d6384d36fa7c9 Reviewed-on: https://chromium-review.googlesource.com/293128 Commit-Ready: Yu-hsi Chiang <yuhsi@google.com> Tested-by: Yu-hsi Chiang <yuhsi@google.com> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

commit: 64d65a79d48186e1db532d227bc20123bf0d16cf [log] [tgz]
author: Yu-Hsi Chiang <yuhsi@google.com> Thu Aug 13 17:43:27 2015 +0800
committer: Samuel Tan <samueltan@google.com> Mon Oct 05 16:39:51 2015 -0700
tree: 2a612de100585c64679dbc0f81a249febdcb81a0
parent: 1912c5b5e88455e0a0c03fd375d232a498edd95d [diff] [blame]
diff --git a/libminijail.h b/libminijail.h
index 89abf6a..d3d1d37 100644
--- a/libminijail.h
+++ b/libminijail.h

@@ -75,6 +75,7 @@
  * Returns 0 on success.
  */
 int minijail_enter_chroot(struct minijail *j, const char *dir);
+int minijail_enter_pivot_root(struct minijail *j, const char *dir);
 
 /* minijail_mount_tmp: enables mounting of a tmpfs filesystem on /tmp.
  * As be rules of bind mounts, /tmp must exist in chroot.
commit	64d65a79d48186e1db532d227bc20123bf0d16cf	[log] [tgz]
author	Yu-Hsi Chiang <yuhsi@google.com>	Thu Aug 13 17:43:27 2015 +0800
committer	Samuel Tan <samueltan@google.com>	Mon Oct 05 16:39:51 2015 -0700
tree	2a612de100585c64679dbc0f81a249febdcb81a0
parent	1912c5b5e88455e0a0c03fd375d232a498edd95d [diff] [blame]