Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform / minijail / e58176c07895532d49b4cb9a660a4eeb644d4e2f
commite58176c07895532d49b4cb9a660a4eeb644d4e2f[log] [tgz]
authorElly Jones <ellyjones@chromium.org>Mon Jan 23 11:46:17 2012 -0500
committerGerrit <chrome-bot@google.com>Mon Jan 23 10:53:16 2012 -0800
treef5cdcce4a8de15526febd6b996beb4c6b69565c5
parenta1059630647ed53a77726d9031dda0eab48bc1a4 [diff]
[minijail] pid namespace implies vfs namespace

Make a pid namespace imply both a new vfs namespace and a /proc remount, since
if we don't remount /proc, the old pid namespace is still reachable through the
old mount there.

BUG=chromium-os:25303
TEST=security_Minijail0

Change-Id: I91887d3ed6bc0e958e249c3c158735bc04f20fcd
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14617
Reviewed-by: Kees Cook <keescook@chromium.org>
4 files changed
tree: f5cdcce4a8de15526febd6b996beb4c6b69565c5
  1. inherit-review-settings-ok
  2. libminijail-private.h
  3. libminijail.c
  4. libminijail.h
  5. libminijail_unittest.c
  6. libminijailpreload.c
  7. libsyscalls.h
  8. LICENSE
  9. Makefile
  10. minijail0.1
  11. minijail0.5
  12. minijail0.c
  13. OWNERS
  14. test_harness.h
  15. WATCHLISTS