Create a new session for the jailed process.
This prevents the jailed process from using the TIOCSTI ioctl to push
characters into the parent process terminal's input buffer, therefore
escaping the jail.
To avoid messing with job control/signals in the non-interactive case
(i.e. when not started from the console), only do this if any of stdin,
stdout, or stderr are TTYs. Note that this bug only really affects
users who use 'minijail0' from the command line, which is not the case
for Android or Chrome OS.
Bug: 33073072
Bug: crbug.com/667493
Test: Use repro case from bug.
Change-Id: I7ab43ee8ba81110253809d98440ae572a01a6260
1 file changed