crosvm

mirrors/crosvm

Fork 0

mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-25 05:03:05 +00:00

Commit graph

Author	SHA1	Message	Date
Dylan Reid	61edbbff53	crosvm: Put block device process in a minijail Run with the new seccomp filter and drop all capabilities. In addition enter a new user, mount, network, and ipc namespace. Leave the mount namespace empty after pivot-rooting to an empty directory. Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/515603	2017-07-06 21:13:55 -07:00

Author

SHA1

Message

Date

Dylan Reid

61edbbff53

crosvm: Put block device process in a minijail

Run with the new seccomp filter and drop all capabilities.  In addition enter a
new user, mount, network, and ipc namespace.  Leave the mount namespace empty
after pivot-rooting to an empty directory.

Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/515603

2017-07-06 21:13:55 -07:00

1 commit