Add a flag to drop access to the session keyring Now that chrome os is moving over to ext4 based directory encryption, the encryption keys are stored in the session keyring. Applications that don't need to access the encrypted user data directory don't need access to this keyring. Add a flag for applications to drop access to the session keyring when they don't need it. Bug: crbug.com/682419 TEST=autotest in a later CL Change-Id: I3cb8f120d9f4891d9a13f7fe342b0388e9975605 Signed-off-by: Chirantan Ekbote <chirantan@google.com>

commit: 866bb3acc5b62235567171dfed9205a5b8c3e039 [log] [tgz]
author: Chirantan Ekbote <chirantan@google.com> Tue Feb 07 12:26:42 2017 -0800
committer: Treehugger Robot <treehugger-gerrit@google.com> Wed Feb 08 22:36:39 2017 +0000
tree: 51dd76e302d8fc1b8f3ac45470dfe3d2c0939bc7
parent: 959f656840f8b1b9d053be124e89d32dac8272e7 [diff] [blame]
diff --git a/minijail0.1 b/minijail0.1
index cdc3083..e186fef 100644
--- a/minijail0.1
+++ b/minijail0.1

@@ -138,6 +138,10 @@
 \fB-V <file>\fR
 Enter the VFS namespace specified by \fIfile\fR.
 .TP
+\fB-w\fR
+Create and join a new anonymous session keyring.  See \fBkeyrings\fR(7) for more
+details.
+.TP
 \fB-y\fR
 Keep the current user's supplementary groups.
 .TP
commit	866bb3acc5b62235567171dfed9205a5b8c3e039	[log] [tgz]
author	Chirantan Ekbote <chirantan@google.com>	Tue Feb 07 12:26:42 2017 -0800
committer	Treehugger Robot <treehugger-gerrit@google.com>	Wed Feb 08 22:36:39 2017 +0000
tree	51dd76e302d8fc1b8f3ac45470dfe3d2c0939bc7
parent	959f656840f8b1b9d053be124e89d32dac8272e7 [diff] [blame]