minijail: Allow skipping setting securebits when restricting caps
This change allows the user to optionally skip setting a subset of the
securebits that are automatically set when restricting caps.
Bug: 63069223
Test: $ gcc -static -xc -o securebits - << EOF
#include <stdio.h>
#include <sys/prctl.h>
int main()
{
printf("%x\n", prctl(PR_GET_SECUREBITS));
}
EOF
$ sudo ./minijail0 -c 1fffffffff --ambient ./securebits
2f
$ sudo ./minijail0 -c 1fffffffff --ambient -B 2f ./securebits
0
Change-Id: Ie247302bbbb35f04caa2066541a8c175f6c94976
5 files changed