|author||Mike Frysinger <email@example.com>||Wed Jun 26 04:33:17 2019 -0400|
|committer||Mike Frysinger <firstname.lastname@example.org>||Wed Jun 26 04:33:17 2019 -0400|
syscall_filter: fix multiline parsing with more than one line The return value of the getmultiline helper wasn't returning the full length of the string, just the first half. This caused us to fail to parse more than one line continuation. Bug: None Test: unittests pass (with updated test case) Change-Id: I4356e14fb00a8c295cae481c4d578efe3c7e83fd
The Minijail homepage and main repo is https://android.googlesource.com/platform/external/minijail/.
There might be other copies floating around, but this is the official one!
Minijail is a sandboxing and containment tool used in Chrome OS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
git clone away from happiness.
$ git clone https://android.googlesource.com/platform/external/minijail $ cd minijail
Releases are tagged as
See the HACKING.md document for more details.
See the RELEASE.md document for more details.
We've got a couple of contact points.
The following talk serves as a good introduction to Minijail and how it can be used.
The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.
After you play with the simple examples below, you should check that out.
# id uid=0(root) gid=0(root) groups=0(root),128(pkcs11) # minijail0 -u jorgelo -g 5000 /usr/bin/id uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status Name: cat ... CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000000000003000