• Home
Name Date Size #Lines LOC

..--

examples/03-May-2024-9257

linux-x86/03-May-2024-2,2082,202

test/03-May-2024-177126

tools/03-May-2024-3,7772,978

.clang-formatD03-May-2024181 87

.gitignoreD03-May-2024550 4031

Android.bpD03-May-20249.3 KiB375327

CPPLINT.cfgD03-May-202417 21

CleanSpec.mkD03-May-20242.2 KiB521

HACKING.mdD03-May-20242.3 KiB7653

LICENSED03-May-20241.5 KiB2928

MODULE_LICENSE_BSDD03-May-20240

MakefileD03-May-20247.2 KiB237145

NOTICED03-May-20241.5 KiB2827

OWNERSD03-May-2024108 76

PRESUBMIT.cfgD03-May-2024195 96

PREUPLOAD.cfgD03-May-2024133 64

README.mdD03-May-20242.7 KiB8961

RELEASE.mdD03-May-2024528 2517

arch.hD03-May-20242 KiB8466

bpf.cD03-May-202410.2 KiB393303

bpf.hD03-May-20245.9 KiB216149

common.mkD03-May-202432.3 KiB953561

dump_constants.ccD03-May-20241.2 KiB4837

elfparse.cD03-May-20244.7 KiB11988

elfparse.hD03-May-20244 KiB10070

gen_constants-inl.hD03-May-2024737 2722

gen_constants.cD03-May-202431 21

gen_constants.shD03-May-20241.7 KiB6233

gen_syscalls.cD03-May-202424 21

gen_syscalls.shD03-May-20241.5 KiB5830

get_googletest.shD03-May-2024208 73

libconstants.hD03-May-2024401 168

libminijail-private.hD03-May-20242.6 KiB9524

libminijail.cD03-May-202476.8 KiB3,1142,240

libminijail.hD03-May-202415.6 KiB423121

libminijail.pc.inD03-May-2024157 97

libminijail_unittest.ccD03-May-202423.6 KiB876675

libminijailpreload.cD03-May-20244.8 KiB14875

libsyscalls.hD03-May-2024409 179

minijail0.1D03-May-202414.6 KiB347324

minijail0.5D03-May-20245.9 KiB167126

minijail0.cD03-May-20242 KiB8250

minijail0_cli.cD03-May-202426.4 KiB969824

minijail0_cli.hD03-May-2024630 2814

minijail0_cli_unittest.ccD03-May-202413.7 KiB494286

navbar.mdD03-May-2024348 129

parse_seccomp_policy.ccD03-May-20242.6 KiB10480

platform2_preinstall.shD03-May-2024323 167

scoped_minijail.hD03-May-2024639 3318

signal_handler.cD03-May-20241.6 KiB8355

signal_handler.hD03-May-2024346 154

syscall_filter.cD03-May-202420.8 KiB822553

syscall_filter.hD03-May-20241.4 KiB5939

syscall_filter_unittest.ccD03-May-202452.8 KiB1,8611,337

syscall_filter_unittest_macros.hD03-May-20243 KiB11089

syscall_wrapper.cD03-May-2024875 3521

syscall_wrapper.hD03-May-2024246 71

system.cD03-May-202411.8 KiB467292

system.hD03-May-20241.6 KiB6842

system_unittest.ccD03-May-202411.4 KiB365240

testrunner.ccD03-May-2024704 3317

util.cD03-May-202411.3 KiB465330

util.hD03-May-20245.3 KiB17464

util_unittest.ccD03-May-20242.3 KiB8460

README.md

1# Minijail
2
3The Minijail homepage and main repo is
4https://android.googlesource.com/platform/external/minijail/.
5
6There might be other copies floating around, but this is the official one!
7
8[TOC]
9
10## What is it?
11
12Minijail is a sandboxing and containment tool used in Chrome OS and Android.
13It provides an executable that can be used to launch and sandbox other programs,
14and a library that can be used by code to sandbox itself.
15
16## Getting the code
17
18You're one `git clone` away from happiness.
19
20```
21$ git clone https://android.googlesource.com/platform/external/minijail
22$ cd minijail
23```
24
25Releases are tagged as `linux-vXX`:
26https://android.googlesource.com/platform/external/minijail/+refs
27
28## Building
29
30See the [HACKING.md](./HACKING.md) document for more details.
31
32## Release process
33
34See the [RELEASE.md](./RELEASE.md) document for more details.
35
36## Contact
37
38We've got a couple of contact points.
39
40* [minijail@chromium.org]: Public user & developer mailing list.
41* [minijail-users@google.com]: Internal Google user mailing list.
42* [minijail-dev@google.com]: Internal Google developer mailing list.
43* [crbug.com/list]: Existing bug reports & feature requests.
44* [crbug.com/new]: File new bug reports & feature requests.
45* [AOSP Gerrit]: Code reviews.
46
47[minijail@chromium.org]: https://groups.google.com/a/chromium.org/forum/#!forum/minijail
48[minijail-users@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-users
49[minijail-dev@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-dev
50[crbug.com/list]: https://crbug.com/?q=component:OS>Systems>Minijail
51[crbug.com/new]: https://bugs.chromium.org/p/chromium/issues/entry?components=OS>Systems>Minijail
52[AOSP Gerrit]: https://android-review.googlesource.com/q/project:platform/external/minijail
53
54## Talks and presentations
55
56The following talk serves as a good introduction to Minijail and how it can be used.
57
58[Video](https://drive.google.com/file/d/0BwPS_JpKyELWZTFBcTVsa1hhYjA/preview),
59[slides](https://docs.google.com/presentation/d/1r6LpvDZtYrsl7ryOV4HtpUR-phfCLRL6PA-chcL1Kno/present).
60
61## Example usage
62
63The Chromium OS project has a comprehensive
64[sandboxing](https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md)
65document that is largely based on Minijail.
66
67After you play with the simple examples below, you should check that out.
68
69### Change root to any user
70
71```
72# id
73uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
74# minijail0 -u jorgelo -g 5000 /usr/bin/id
75uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
76```
77
78### Drop root while keeping some capabilities
79
80```
81# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
82Name: cat
83...
84CapInh: 0000000000003000
85CapPrm: 0000000000003000
86CapEff: 0000000000003000
87CapBnd: 0000000000003000
88```
89