Gitiles
Code Review
Sign In
gerrit-public.fairphone.software
/
platform
/
external
/
minijail
/
4c07d39cb6fc4c721e200dbfc786f660a6a469ac
/
libminijail.c
b4b7c5a
Revert "Fix RO-remount logic for bindmounts"
by Jorge Lucangeli Obes
· 5 years ago
7654c6e
Revert "Fix statvfs() call on non-existent directories."
by Jorge Lucangeli Obes
· 5 years ago
9299cae
Fix statvfs() call on non-existent directories.
by Jorge Lucangeli Obes
· 5 years ago
cf3bbea
Clarify namespace fd preservation comment.
by Jorge Lucangeli Obes
· 5 years ago
2337f80
Preserve namespace file descriptors.
by Jorge Lucangeli Obes
· 5 years ago
52f6ada
make die messages slightly different
by Mike Frysinger
· 5 years ago
64cf3cb
Fix RO-remount logic for bindmounts
by Kevin Hamacher
· 5 years ago
32201f8
Add support for SECCOMP_RET_LOG.
by Jorge Lucangeli Obes
· 5 years ago
e1a8689
Add scaffolding to support SECCOMP_RET_LOG.
by Jorge Lucangeli Obes
· 5 years ago
9b41e65
minijail: Add a flag to call setsid() in child
by Xiyuan Xia
· 5 years ago
2d69add
libminijail: Block child sync for all configuration.
by Daniel Erat
· 5 years ago
d1d24d2
minijail: Stop using putenv(3)
by Luis Hector Chavez
· 5 years ago
2fa96d1
Allow skipping RO /proc mount.
by Jorge Lucangeli Obes
· 5 years ago
48b5ff1
minijail: Untangle redundant SECUREBITS logic
by Mattias Nissler
· 6 years ago
d2c951d
Add support for passing a new environment to the child.
by Jorge Lucangeli Obes
· 6 years ago
771d4c0
Reduce mount logging.
by Jorge Lucangeli Obes
· 5 years ago
902a449
libminijail: fix entering of mount & net namespaces
by Mike Frysinger
· 6 years ago
c3e1772
minijail: Add support for pre-compiled BPF programs
by Luis Hector Chavez
· 6 years ago
83a4489
minijail: Enter all namespaces before calling execve(2)
by Luis Hector Chavez
· 6 years ago
9acba45
minijail: Add a way to specify the path of libminijailpreload.so
by Luis Hector Chavez
· 6 years ago
916c6c3
add a build-time knob to disable seccomp logging (-L)
by Mike Frysinger
· 6 years ago
b7803c8
minijail0: change default mount settings for tmpfs mounts
by Mike Frysinger
· 6 years ago
aeab0e1
Remove semi-pointless info() message.
by Jorge Lucangeli Obes
· 6 years ago
cb8674d
minijail0: change default mount flags with -k
by Mike Frysinger
· 6 years ago
3d98f3c
Rename running_with_asan_or_hwasan (NFC).
by Evgenii Stepanov
· 6 years ago
825828c
Skip setting seccomp filter under HWASan, same as ASan.
by Evgenii Stepanov
· 6 years ago
89cbc32
minijail: Avoid setting PR_SET_KEEPCAPS if that bit is locked
by Luis Hector Chavez
· 6 years ago
a30a206
Add the 'e' flag to all fopen(3) calls
by Luis Hector Chavez
· 6 years ago
0bacbf8
minijail: Copy the mount flags from source when bind-mounting
by Luis Hector Chavez
· 6 years ago
33d051a
stop using "nr" for signal numbers
by Mike Frysinger
· 6 years ago
d9ef07c
clean up & unify compiler attributes
by Mike Frysinger
· 6 years ago
5423421
Skip dropping the bounding set without SECURE_NOROOT.
by Jorge Lucangeli Obes
· 6 years ago
a27118a
Add a way to reset signal handlers
by Luis Hector Chavez
· 6 years ago
1b32f85
Use warn() when logging an error for setup_mount_destination()
by yusukes
· 6 years ago
785b1c3
extend -K to accept a mount propagation type
by Mike Frysinger
· 6 years ago
7058a2d
Use rlim_t for the arguments in minijail_rlimit()
by Luis Hector Chavez
· 7 years ago
8c3acbc
Fix leaks in mount_one()
by Luis Hector Chavez
· 7 years ago
5dd5b1b
move setpgid() from libminijail to minijail0
by Stephen Barber
· 7 years ago
ac08a68
allow bind mounts outside of chroots
by Mike Frysinger
· 7 years ago
0d1cbf6
libminijail: increase max preserved FDs
by Stephen Barber
· 7 years ago
33ffef3
add an option to set up a minimal /dev
by Mike Frysinger
· 8 years ago
0412dcc
Add minijail_fork
by Dylan Reid
· 7 years ago
ac981fc
minijail: Decouple the do_init flag
by Luis Hector Chavez
· 7 years ago
7132355
Improve the way uid/gid changes in unprivileged userns
by Luis Hector Chavez
· 7 years ago
114a930
Allow redirecting logging to an FD
by Luis Hector Chavez
· 7 years ago
7624e71
Improve compiler logging
by Luis Hector Chavez
· 7 years ago
64730af
Add a pre-chroot hook
by Luis Hector Chavez
· 7 years ago
18c49c8
Make minijail_run_internal static
by Dylan Reid
· 7 years ago
acfb8be
Move minijail_run args in to a struct.
by Dylan Reid
· 7 years ago
eaab420
abort when bind mounting a non-existent source path
by Mike Frysinger
· 7 years ago
1617f63
minijail: Add a way to allow arbitrary fd redirects
by Luis Hector Chavez
· 7 years ago
e0ba4ce
minijail: Add minijail_add_hook()
by Luis Hector Chavez
· 7 years ago
ec0a2c1
minijail: Allow skipping setting securebits when restricting caps
by Luis Hector Chavez
· 7 years ago
fe5fb8e
minijail: Add support for dropping caps with static binaries
by Luis Hector Chavez
· 7 years ago
0f72ef4
Add the ability to set rlimits on the jailed process
by Dylan Reid
· 7 years ago
b9a7b16
support creating new uts namespaces (and setting hostnames)
by Mike Frysinger
· 7 years ago
dba6209
Reland "Add optional signal forwarder and '-z' option to cli"
by Jorge Lucangeli Obes
· 7 years ago
7151582
Revert "Add optional signal forwarder and '-z' option to cli"
by Roozbeh Pournader
· 7 years ago
74b9027
Add optional signal forwarder and '-z' option to cli
by Graziano Misuraca
· 7 years ago
f6058c3
Fix prctl() call.
by Jorge Lucangeli Obes
· 7 years ago
a6eb21a
Implement initial ambient capabilities support.
by Jorge Lucangeli Obes
· 7 years ago
0b20877
Refactor Minijail in preparation for ambient capabilities work.
by Jorge Lucangeli Obes
· 7 years ago
866bb3a
Add a flag to drop access to the session keyring
by Chirantan Ekbote
· 7 years ago
ab9eb44
allow specifying larger /tmp tmpfs mounts
by Martin Pelikán
· 8 years ago
b91d404
add nosuid/nodev/noexec settings to the /tmp mount
by Mike Frysinger
· 8 years ago
3ba8157
name the /proc mount
by Mike Frysinger
· 8 years ago
0dce757
fix mode settings on /tmp mount
by Mike Frysinger
· 8 years ago
eea841b
keep error checking style with setgroups logic
by Mike Frysinger
· 8 years ago
3454319
Clarify, simplify some error messages.
by Jorge Lucangeli Obes
· 8 years ago
6b190c0
ignore missing /proc/<pid>/setgroups files
by Mike Frysinger
· 8 years ago
13807cb
minijail: Add ability to keep supplementary gids.
by Lutz Justen
· 8 years ago
457a5e3
Improve error messages.
by Jorge Lucangeli Obes
· 8 years ago
2449956
Call setgroups(2) only once when changing users.
by Jorge Lucangeli Obes
· 8 years ago
aa235b9
Create a new session for the jailed process.
by Jorge Lucangeli Obes
· 8 years ago
7559dfe
minijail: bring up loopback interface in new net namespaces
by Mike Frysinger
· 8 years ago
fb449ab
Add a PREUPLOAD.cfg file to enable clang-format
by Luis Hector Chavez
· 8 years ago
43ff080
Add an option to close all open file descriptors
by Luis Hector Chavez
· 8 years ago
713f6fb
Use SECCOMP_RET_TRAP when setting thread sync.
by Jorge Lucangeli Obes
· 8 years ago
200299c
Allow entering a user namespace with a default gid mapping.
by Jorge Lucangeli Obes
· 8 years ago
1365061
Add support for SECCOMP_FILTER_FLAG_TSYNC.
by Jorge Lucangeli Obes
· 8 years ago
4d4b3be
Add a function to load seccomp filters from a file descriptor.
by Jorge Lucangeli Obes
· 8 years ago
937ae7a
Merge "Fix return value check of write_pid_to_path"
by Treehugger Robot
· 8 years ago
db6dab4
Fix return value check of write_pid_to_path
by Keshav Santhanam
· 8 years ago
963eeec
Rename the init process inside PID namespaces.
by Jorge Lucangeli Obes
· 8 years ago
f205fff
Kill the child process before dying.
by Jorge Lucangeli Obes
· 8 years ago
ab6fa6f
Allow entering a user namespace with a default mapping.
by Jorge Lucangeli Obes
· 8 years ago
565e978
Fix soft-fail on Android.
by Jorge Lucangeli Obes
· 8 years ago
d906099
Merge "Move code away from libminijail.c."
by Treehugger Robot
· 8 years ago
7b2e29c
Move code away from libminijail.c.
by Jorge Lucangeli Obes
· 8 years ago
3b2e6e4
Free all strings in minijail_destroy().
by Jorge Lucangeli Obes
· 8 years ago
db0bc67
Use clang-format on more files.
by Jorge Lucangeli Obes
· 8 years ago
a205390
Allow dropping all caps but keeping root on static binaries.
by Jorge Lucangeli Obes
· 8 years ago
eec7796
Create mount destinations if they don't exist.
by Dylan Reid
· 8 years ago
81e2397
Allow mount data to be specified
by Dylan Reid
· 8 years ago
4cbc2a5
Add ability to enter a cgroup namespace
by Dylan Reid
· 8 years ago
df7fab1
Add logging message when using user namespaces and mount namespaces.
by Jorge Lucangeli Obes
· 8 years ago
7a56907
Avoid warning about BSD_SOURCE on glibc >= 2.20
by Arthur Gautier
· 8 years ago
2413f37
Skip setting seccomp filter when running with ASan.
by Jorge Lucangeli Obes
· 8 years ago
f783b52
Fix use of SECURE_ALL_BITS/SECURE_ALL_LOCKS.
by Jorge Lucangeli Obes
· 8 years ago
6b0de9b
Fix typo in error message.
by Jorge Lucangeli Obes
· 8 years ago
Next »