commit | 8beba5fe6b590a0deff0f15acdf8c1adfc2937e4 | [log] [tgz] |
---|---|---|
author | Karsten Tausche <karsten@fairphone.com> | Wed Dec 08 11:06:45 2021 +0100 |
committer | Karsten Tausche <karsten@fairphone.com> | Wed Dec 08 11:06:45 2021 +0100 |
tree | 6ebdb03aa50ebc72d73fd93a4ea277a434fcb104 | |
parent | b1a66cfb268d4358ffe6e1f200d582e2ecbfda79 [diff] | |
parent | 13c257bca9a38043781672af3b7df4c5ede1c268 [diff] |
Merge tag 'android-11.0.0_r48' into int/11/fp3 Android 11.0.0 Release 48 (RD2A.211001.002) * tag 'android-11.0.0_r48': Change-Id: I7b12d9ba43f4c044bc513f1529f7f826224ee3d8
The Minijail homepage and main repo is https://android.googlesource.com/platform/external/minijail/.
There might be other copies floating around, but this is the official one!
Minijail is a sandboxing and containment tool used in Chrome OS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
You're one git clone
away from happiness.
$ git clone https://android.googlesource.com/platform/external/minijail $ cd minijail
Releases are tagged as linux-vXX
: https://android.googlesource.com/platform/external/minijail/+refs
See the HACKING.md document for more details.
See the RELEASE.md document for more details.
See the tools/README.md document for more details.
We've got a couple of contact points.
The following talk serves as a good introduction to Minijail and how it can be used.
The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.
After you play with the simple examples below, you should check that out.
# id uid=0(root) gid=0(root) groups=0(root),128(pkcs11) # minijail0 -u jorgelo -g 5000 /usr/bin/id uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status Name: cat ... CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000000000003000