• Home
Name Date Size #Lines LOC

..--

.github/03-May-2024-4731

examples/03-May-2024-9459

linux-x86/03-May-2024-2,2162,209

test/03-May-2024-177126

tools/03-May-2024-4,1143,233

.clang-formatD03-May-2024181 87

.gitignoreD03-May-2024604 4535

Android.bpD03-May-202411.3 KiB473420

CPPLINT.cfgD03-May-202417 21

Cargo.tomlD03-May-2024221 1612

CleanSpec.mkD03-May-20242.2 KiB521

HACKING.mdD03-May-20242.3 KiB7653

LICENSED03-May-20241.5 KiB2928

MODULE_LICENSE_BSDD03-May-20240

MakefileD03-May-20247.6 KiB244150

NOTICED03-May-20241.5 KiB2827

OWNERSD03-May-2024183 108

OWNERS.rustD03-May-2024203 75

PRESUBMIT.cfgD03-May-2024195 96

PREUPLOAD.cfgD03-May-2024133 64

README.mdD03-May-20242.8 KiB9363

RELEASE.mdD03-May-2024530 2517

TEST_MAPPINGD03-May-2024245 1716

arch.hD03-May-20242.4 KiB8768

bpf.cD03-May-202410.2 KiB393303

bpf.hD03-May-20246.1 KiB220152

build.rsD03-May-20241.3 KiB4126

common.mkD03-May-202432.3 KiB953561

dump_constants.ccD03-May-20241.5 KiB5138

elfparse.cD03-May-20244.7 KiB11988

elfparse.hD03-May-20244 KiB10070

gen_constants-inl.hD03-May-2024802 3125

gen_constants.cD03-May-202431 21

gen_constants.shD03-May-20241.7 KiB6233

gen_syscalls.cD03-May-202424 21

gen_syscalls.shD03-May-20241.5 KiB5830

get_googletest.shD03-May-2024208 73

lib.rsD03-May-20241.8 KiB433

libconstants.hD03-May-2024401 168

libminijail-private.hD03-May-20242.6 KiB9524

libminijail.cD03-May-202481 KiB3,2582,342

libminijail.hD03-May-202417.6 KiB477132

libminijail.pc.inD03-May-2024157 97

libminijail.rsD03-May-202410.9 KiB390386

libminijail_unittest.ccD03-May-202429.7 KiB1,061814

libminijailpreload.cD03-May-20244.8 KiB14875

libsyscalls.hD03-May-2024409 179

minijail0.1D03-May-202415.5 KiB365341

minijail0.5D03-May-20245.9 KiB167126

minijail0.cD03-May-20242 KiB8250

minijail0_cli.cD03-May-202428.6 KiB1,044877

minijail0_cli.hD03-May-2024630 2814

minijail0_cli_unittest.ccD03-May-202414.8 KiB529309

navbar.mdD03-May-2024348 129

parse_seccomp_policy.ccD03-May-20242.7 KiB11085

platform2_preinstall.shD03-May-2024323 167

scoped_minijail.hD03-May-2024639 3318

setup.pyD03-May-20241.8 KiB5231

signal_handler.cD03-May-20241.6 KiB8355

signal_handler.hD03-May-2024346 154

syscall_filter.cD03-May-202422.2 KiB878601

syscall_filter.hD03-May-20241.6 KiB7046

syscall_filter_unittest.ccD03-May-202457.4 KiB2,0221,449

syscall_filter_unittest_macros.hD03-May-20243.6 KiB126101

syscall_wrapper.cD03-May-2024875 3521

syscall_wrapper.hD03-May-2024246 71

system.cD03-May-202412.8 KiB506314

system.hD03-May-20241.5 KiB6842

system_unittest.ccD03-May-202410.5 KiB334220

testrunner.ccD03-May-2024704 3317

util.cD03-May-202412.7 KiB546394

util.hD03-May-20247.5 KiB24387

util_unittest.ccD03-May-20244.9 KiB161118

README.md

1# Minijail
2
3The Minijail homepage and main repo is
4https://android.googlesource.com/platform/external/minijail/.
5
6There might be other copies floating around, but this is the official one!
7
8[TOC]
9
10## What is it?
11
12Minijail is a sandboxing and containment tool used in Chrome OS and Android.
13It provides an executable that can be used to launch and sandbox other programs,
14and a library that can be used by code to sandbox itself.
15
16## Getting the code
17
18You're one `git clone` away from happiness.
19
20```
21$ git clone https://android.googlesource.com/platform/external/minijail
22$ cd minijail
23```
24
25Releases are tagged as `linux-vXX`:
26https://android.googlesource.com/platform/external/minijail/+refs
27
28## Building
29
30See the [HACKING.md](./HACKING.md) document for more details.
31
32## Release process
33
34See the [RELEASE.md](./RELEASE.md) document for more details.
35
36## Additional tools
37
38See the [tools/README.md](./tools/README.md) document for more details.
39
40## Contact
41
42We've got a couple of contact points.
43
44* [minijail@chromium.org]: Public user & developer mailing list.
45* [minijail-users@google.com]: Internal Google user mailing list.
46* [minijail-dev@google.com]: Internal Google developer mailing list.
47* [crbug.com/list]: Existing bug reports & feature requests.
48* [crbug.com/new]: File new bug reports & feature requests.
49* [AOSP Gerrit]: Code reviews.
50
51[minijail@chromium.org]: https://groups.google.com/a/chromium.org/forum/#!forum/minijail
52[minijail-users@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-users
53[minijail-dev@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-dev
54[crbug.com/list]: https://crbug.com/?q=component:OS>Systems>Minijail
55[crbug.com/new]: https://bugs.chromium.org/p/chromium/issues/entry?components=OS>Systems>Minijail
56[AOSP Gerrit]: https://android-review.googlesource.com/q/project:platform/external/minijail
57
58## Talks and presentations
59
60The following talk serves as a good introduction to Minijail and how it can be used.
61
62[Video](https://drive.google.com/file/d/0BwPS_JpKyELWZTFBcTVsa1hhYjA/preview),
63[slides](https://docs.google.com/presentation/d/1r6LpvDZtYrsl7ryOV4HtpUR-phfCLRL6PA-chcL1Kno/present).
64
65## Example usage
66
67The Chromium OS project has a comprehensive
68[sandboxing](https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md)
69document that is largely based on Minijail.
70
71After you play with the simple examples below, you should check that out.
72
73### Change root to any user
74
75```
76# id
77uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
78# minijail0 -u jorgelo -g 5000 /usr/bin/id
79uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)
80```
81
82### Drop root while keeping some capabilities
83
84```
85# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
86Name: cat
87...
88CapInh: 0000000000003000
89CapPrm: 0000000000003000
90CapEff: 0000000000003000
91CapBnd: 0000000000003000
92```
93