tag 644534dc6fd9f676fb50cbbb04511c6cf7eceb51
tagger The Android Open Source Project <initial-contribution@android.com> Mon Dec 11 10:14:34 2017 -0800
object d45fc420bb8fd9d1fc9297174f3c344db8c20bbd

Android O IOT Preview 6 (4475743)

commit d45fc420bb8fd9d1fc9297174f3c344db8c20bbd
author Luis Hector Chavez <lhchavez@google.com> Wed Oct 25 15:11:53 2017 -0700
committer Treehugger Robot <treehugger-gerrit@google.com> Tue Nov 28 19:32:27 2017 +0000
tree d241154062b66af0c92e9ef4393c049c0dbe0527
parent 960b56b84bc74cf5f9bc64cd97dce92453ea1a5a

Add the --profile flag

This flag allows the caller to specify a sandboxing profile, which sets
various flags commonly used together.

It also adds the 'setup-mount' profile, which sets up a minimalistic
mount namespace rooted at /var/empty with /dev, /tmp, and /proc mounted.
This should make creating containers that don't hold to unnecessary
mounts even simpler.

Bug: 65450844
Test: minijail0 --profile=minimalistic-mountns -p -- /bin/mount

Change-Id: I0b566ebf8dcf2644f16b66a7bb0cf4268a983a46