Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / e0a530ea900551cd3e1e2b5ee91c0f5ceae8248b
commite0a530ea900551cd3e1e2b5ee91c0f5ceae8248b[log] [tgz]
authorYu-Hsi Chiang <yuhsi@google.com>Tue Sep 08 18:49:49 2015 +0800
committerSamuel Tan <samueltan@google.com>Mon Oct 05 16:40:05 2015 -0700
treed91fe864002ca6aee20be09aaeb12b621cbb9494
parent64d65a79d48186e1db532d227bc20123bf0d16cf [diff]
minijail: use new_root as put_old in pivot_root(2)

Instead of create a temp directory '.minijail_pivot' for put_old, reuse
the new_root as put_old. By doing this, we can use pivot_root even if we
don't have write permissions in that directory. Since the old root is
mounted over the new root, keep fds of both old and new root so that we
can use 'fchdir' to move between them.
The idea comes from lxc.
https://github.com/lxc/lxc/commit/2d489f9e87fa0cccd8a1762680a43eeff2fe1b6e

BUG=chromium:517844
TEST=security_Minijail0 passes

Change-Id: Ie446ad1d2557239c17b1a876a73459eca6d2d2ed
Reviewed-on: https://chromium-review.googlesource.com/297867
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
1 file changed
tree: d91fe864002ca6aee20be09aaeb12b621cbb9494
  1. test/
  2. Android.mk
  3. arch.h
  4. bpf.c
  5. bpf.h
  6. common.mk
  7. CPPLINT.cfg
  8. elfparse.c
  9. elfparse.h
  10. gen_constants.sh
  11. gen_syscalls.sh
  12. libconstants.h
  13. libminijail-private.h
  14. libminijail.c
  15. libminijail.h
  16. libminijail.pc.in
  17. libminijail_unittest.c
  18. libminijailpreload.c
  19. libsyscalls.h
  20. Makefile
  21. minijail0.1
  22. minijail0.5
  23. minijail0.c
  24. MODULE_LICENSE_BSD
  25. NOTICE
  26. OWNERS
  27. platform2_preinstall.sh
  28. PRESUBMIT.cfg
  29. signal_handler.c
  30. signal_handler.h
  31. syscall_filter.c
  32. syscall_filter.h
  33. syscall_filter_unittest.c
  34. test_harness.h
  35. util.c
  36. util.h