|author||Matt Delco <firstname.lastname@example.org>||Wed Feb 12 23:05:05 2020 -0800|
|committer||Treehugger Robot <email@example.com>||Thu Feb 13 14:01:45 2020 +0000|
Avoid bextr in dump_constants When dump_constants is compiled for newer AMD processors it can end up using a bextr instruction that may not be present on other makes/models of processors. The act of calling std::cout on a numeric type ends up in num_put<,>::do_put() which does: const unsigned __nbuf = (numeric_limits<unsigned long>::digits / 3) + ((numeric_limits<unsigned long>::digits % 3) != 0) + ((__iob.flags() & ios_base::showbase) != 0) + 1; ios_base::showbase is 0x0200, so the bit test against showbase results in: bextr $0x109,0x8(%rdx),%r12d which says to extract 1 bit from bit offset 9. A workaround is to use to_string() to avoid passing numeric types to cout. This alternative is straightforward and the implementation is simpler (to_string() does not have formatting nor locale options), though it doesn't prevent the problem from occurring again in the future (e.g., when the source or compiler changes). Bug: None Test: `make tests`. Ran dump_constants on arm32, arm64, and x64 in CrOS build environment. Change-Id: Ic16574141f6c935bff958e5d1f27c81994a993ab
The Minijail homepage and main repo is https://android.googlesource.com/platform/external/minijail/.
There might be other copies floating around, but this is the official one!
Minijail is a sandboxing and containment tool used in Chrome OS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
git clone away from happiness.
$ git clone https://android.googlesource.com/platform/external/minijail $ cd minijail
Releases are tagged as
See the HACKING.md document for more details.
See the RELEASE.md document for more details.
See the tools/README.md document for more details.
We've got a couple of contact points.
The following talk serves as a good introduction to Minijail and how it can be used.
The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.
After you play with the simple examples below, you should check that out.
# id uid=0(root) gid=0(root) groups=0(root),128(pkcs11) # minijail0 -u jorgelo -g 5000 /usr/bin/id uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status Name: cat ... CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000000000003000