minijail: Add option to enter a new IPC namespace Export this feature through the '-l' option to minijail0. TEST=run minijail0 with the -l option, check that the executed program is in a different ipc namesspace with /proc/self/ns/ipc. BUG=b/25770648 Change-Id: Ia8f72cc59160fc736c8a58cb68d9894f9c92281c Signed-off-by: Dylan Reid <dgreid@chromium.org>

commit: f794247e0413fe36759a2bdcaa5bdd75cf3163a2 [log] [tgz]
author: Dylan Reid <dgreid@chromium.org> Wed Nov 18 17:55:26 2015 -0800
committer: Dylan Reid <dgreid@google.com> Mon Nov 23 10:15:35 2015 -0800
tree: c6d9d728af9bd92960491c6ed0473672462b45fc
parent: eac2894b0b59ba1e33c3f173c00c26bdb0268afb [diff] [blame]
diff --git a/minijail0.1 b/minijail0.1
index 1f3b126..122ecc5 100644
--- a/minijail0.1
+++ b/minijail0.1

@@ -49,6 +49,10 @@
 (Other direct numbers may be specified if minijail0 is not in sync with the
  host kernel or something like 32/64-bit compatibility issues exist.)
 .TP
+\fB-l\fR
+Run inside a new IPC namespace. This option makes the program's System V IPC
+namespace independent.
+.TP
 \fB-p\fR
 Run inside a new PID namespace. This option will make it impossible for the
 program to see or affect processes that are not its descendants. This implies
commit	f794247e0413fe36759a2bdcaa5bdd75cf3163a2	[log] [tgz]
author	Dylan Reid <dgreid@chromium.org>	Wed Nov 18 17:55:26 2015 -0800
committer	Dylan Reid <dgreid@google.com>	Mon Nov 23 10:15:35 2015 -0800
tree	c6d9d728af9bd92960491c6ed0473672462b45fc
parent	eac2894b0b59ba1e33c3f173c00c26bdb0268afb [diff] [blame]