minijail: Support setting syscall table with PR_ALT_SYSCALL Add support for setting the syscall table for a jailed process using prctl(PR_ALT_SYSCALL). This adds the option '-a <table>' which changes the jailed process's syscall table to the alt_syscall table named <table>. alt_syscall tables must be registerd in the kernel (see crosreview.com/312137 for an example of how this is done). Bug: 25649436 TEST=Create a test blacklist that blocks write(2) and observe that 'minijail0 -a test -- /bin/echo hello' prints nothing to stdout. Change-Id: Idddafa1d0b81483a594e05d9d3390d4f9ad849c6 Signed-off-by: Andrew Bresticker <abrestic@chromium.org>

commit: eac2894b0b59ba1e33c3f173c00c26bdb0268afb [log] [tgz]
author: Andrew Bresticker <abrestic@chromium.org> Wed Nov 11 16:04:46 2015 -0800
committer: Andrew Bresticker <abrestic@chromium.org> Fri Nov 13 10:34:09 2015 -0800
tree: 29594918960f4b8b036e69bb18cfad76fd933f41
parent: 648b220346aaee74ffbab35be6129bdfa5aca3a5 [diff] [blame]
diff --git a/libminijail.h b/libminijail.h
index 3f00a5e..e7f24ce 100644
--- a/libminijail.h
+++ b/libminijail.h

@@ -64,6 +64,10 @@
 int minijail_write_pid_file(struct minijail *j, const char *path);
 void minijail_inherit_usergroups(struct minijail *j);
 void minijail_disable_ptrace(struct minijail *j);
+/* Changes the jailed process's syscall table to the alt_syscall table
+ * named |table|.
+ */
+int minijail_use_alt_syscall(struct minijail *j, const char *table);
 
 /* minijail_enter_chroot: enables chroot() restriction for @j
  * @j   minijail to apply restriction to
commit	eac2894b0b59ba1e33c3f173c00c26bdb0268afb	[log] [tgz]
author	Andrew Bresticker <abrestic@chromium.org>	Wed Nov 11 16:04:46 2015 -0800
committer	Andrew Bresticker <abrestic@chromium.org>	Fri Nov 13 10:34:09 2015 -0800
tree	29594918960f4b8b036e69bb18cfad76fd933f41
parent	648b220346aaee74ffbab35be6129bdfa5aca3a5 [diff] [blame]