Home | History | Annotate | only in /external/minijail
Up to higher level directory
NameDateSize
.clang-format22-Oct-2020181
Android.bp22-Oct-20209.3K
arch.h22-Oct-20202K
bpf.c22-Oct-202010.2K
bpf.h22-Oct-20205.9K
CleanSpec.mk22-Oct-20202.2K
common.mk22-Oct-202032.3K
CPPLINT.cfg22-Oct-202017
dump_constants.cc22-Oct-20201.2K
elfparse.c22-Oct-20204.7K
elfparse.h22-Oct-20204K
examples/22-Oct-2020
gen_constants-inl.h22-Oct-2020737
gen_constants.c22-Oct-202031
gen_constants.sh22-Oct-20201.7K
gen_syscalls.c22-Oct-202024
gen_syscalls.sh22-Oct-20201.5K
get_googletest.sh22-Oct-2020208
HACKING.md22-Oct-20202.3K
libconstants.h22-Oct-2020401
libminijail-private.h22-Oct-20202.6K
libminijail.c22-Oct-202076.8K
libminijail.h22-Oct-202015.6K
libminijail.pc.in22-Oct-2020157
libminijail_unittest.cc22-Oct-202023.6K
libminijailpreload.c22-Oct-20204.8K
libsyscalls.h22-Oct-2020409
LICENSE22-Oct-20201.5K
linux-x86/22-Oct-2020
Makefile22-Oct-20207.2K
minijail0.122-Oct-202014.6K
minijail0.522-Oct-20205.9K
minijail0.c22-Oct-20202K
minijail0_cli.c22-Oct-202026.4K
minijail0_cli.h22-Oct-2020630
minijail0_cli_unittest.cc22-Oct-202013.7K
MODULE_LICENSE_BSD22-Oct-20200
navbar.md22-Oct-2020348
NOTICE22-Oct-20201.5K
OWNERS22-Oct-2020108
parse_seccomp_policy.cc22-Oct-20202.6K
platform2_preinstall.sh22-Oct-2020323
PRESUBMIT.cfg22-Oct-2020195
PREUPLOAD.cfg22-Oct-2020133
README.md22-Oct-20202.7K
RELEASE.md22-Oct-2020528
scoped_minijail.h22-Oct-2020639
signal_handler.c22-Oct-20201.6K
signal_handler.h22-Oct-2020346
syscall_filter.c22-Oct-202020.8K
syscall_filter.h22-Oct-20201.4K
syscall_filter_unittest.cc22-Oct-202052.8K
syscall_filter_unittest_macros.h22-Oct-20203K
syscall_wrapper.c22-Oct-2020875
syscall_wrapper.h22-Oct-2020246
system.c22-Oct-202011.8K
system.h22-Oct-20201.6K
system_unittest.cc22-Oct-202011.4K
test/22-Oct-2020
testrunner.cc22-Oct-2020704
tools/22-Oct-2020
util.c22-Oct-202011.3K
util.h22-Oct-20205.3K
util_unittest.cc22-Oct-20202.3K

README.md

      1 # Minijail
      2 
      3 The Minijail homepage and main repo is
      4 https://android.googlesource.com/platform/external/minijail/.
      5 
      6 There might be other copies floating around, but this is the official one!
      7 
      8 [TOC]
      9 
     10 ## What is it?
     11 
     12 Minijail is a sandboxing and containment tool used in Chrome OS and Android.
     13 It provides an executable that can be used to launch and sandbox other programs,
     14 and a library that can be used by code to sandbox itself.
     15 
     16 ## Getting the code
     17 
     18 You're one `git clone` away from happiness.
     19 
     20 ```
     21 $ git clone https://android.googlesource.com/platform/external/minijail
     22 $ cd minijail
     23 ```
     24 
     25 Releases are tagged as `linux-vXX`:
     26 https://android.googlesource.com/platform/external/minijail/+refs
     27 
     28 ## Building
     29 
     30 See the [HACKING.md](./HACKING.md) document for more details.
     31 
     32 ## Release process
     33 
     34 See the [RELEASE.md](./RELEASE.md) document for more details.
     35 
     36 ## Contact
     37 
     38 We've got a couple of contact points.
     39 
     40 * [minijail (a] chromium.org]: Public user & developer mailing list.
     41 * [minijail-users (a] google.com]: Internal Google user mailing list.
     42 * [minijail-dev (a] google.com]: Internal Google developer mailing list.
     43 * [crbug.com/list]: Existing bug reports & feature requests.
     44 * [crbug.com/new]: File new bug reports & feature requests.
     45 * [AOSP Gerrit]: Code reviews.
     46 
     47 [minijail (a] chromium.org]: https://groups.google.com/a/chromium.org/forum/#!forum/minijail
     48 [minijail-users (a] google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-users
     49 [minijail-dev (a] google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-dev
     50 [crbug.com/list]: https://crbug.com/?q=component:OS>Systems>Minijail
     51 [crbug.com/new]: https://bugs.chromium.org/p/chromium/issues/entry?components=OS>Systems>Minijail
     52 [AOSP Gerrit]: https://android-review.googlesource.com/q/project:platform/external/minijail
     53 
     54 ## Talks and presentations
     55 
     56 The following talk serves as a good introduction to Minijail and how it can be used.
     57 
     58 [Video](https://drive.google.com/file/d/0BwPS_JpKyELWZTFBcTVsa1hhYjA/preview),
     59 [slides](https://docs.google.com/presentation/d/1r6LpvDZtYrsl7ryOV4HtpUR-phfCLRL6PA-chcL1Kno/present).
     60 
     61 ## Example usage
     62 
     63 The Chromium OS project has a comprehensive
     64 [sandboxing](https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md)
     65 document that is largely based on Minijail.
     66 
     67 After you play with the simple examples below, you should check that out.
     68 
     69 ### Change root to any user
     70 
     71 ```
     72 # id
     73 uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
     74 # minijail0 -u jorgelo -g 5000 /usr/bin/id
     75 uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
     76 ```
     77 
     78 ### Drop root while keeping some capabilities
     79 
     80 ```
     81 # minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
     82 Name: cat
     83 ...
     84 CapInh: 0000000000003000
     85 CapPrm: 0000000000003000
     86 CapEff: 0000000000003000
     87 CapBnd: 0000000000003000
     88 ```
     89