# Minijail

On Linux hosts, crosvm uses [minijail](https://google.github.io/minijail/) to sandbox the child
devices. The minijail C library is utilized via a
[Rust wrapper](https://android.googlesource.com/platform/external/minijail/+/refs/heads/master/rust/minijail/src/lib.rs)
so as not to repeat the intricate sequence of syscalls used to make a secure isolated child process.
The fact that minijail was written, maintained, and continuously tested by a professional security
team more than makes up for its being written in a memory-unsafe language.

The exact configuration of the sandbox varies by device, but they are mostly alike. See
`create_base_minijail` from `linux/jail_helpers.rs`. The set of security constraints explicitly used
in crosvm are:

- PID namespace
  - Runs as init
- [Deny setgroups](https://lwn.net/Articles/626665/)
- Optionally limit the capabilities mask to `0`
- User namespace
  - Optional uid/gid mapping
- Mount namespace
  - Optional pivot into a new root
- Network namespace
- [PR_SET_NO_NEW_PRIVS](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt)
- [seccomp](seccomp.html) with optional log failure mode
- Limit on the number of file descriptors

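As an added illustration (not crosvm's or minijail's own code), here is the raw syscall sequence that the namespace, setgroups, `PR_SET_NO_NEW_PRIVS` and fd-limit items above boil down to, written by hand so the ordering rules the wrapper hides are visible; the capability mask and the seccomp filter are left out (see [seccomp](seccomp.html)). `enter_user_ns` assumes unprivileged user namespaces are enabled and a single-threaded caller; the other steps work for any user.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

/* Write a short string to a /proc file; 0 on success, -1 on failure. */
static int write_proc(const char *path, const char *text) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* New user namespace with one uid/gid mapped and setgroups denied.
 * Order matters: an unprivileged process may only write gid_map after
 * /proc/self/setgroups has been set to "deny" (the LWN article above). */
int enter_user_ns(uid_t outer_uid, gid_t outer_gid) {
    char map[64];
    if (unshare(CLONE_NEWUSER) != 0) return -1;
    if (write_proc("/proc/self/setgroups", "deny") != 0) return -1;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)outer_uid);
    if (write_proc("/proc/self/uid_map", map) != 0) return -1;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)outer_gid);
    return write_proc("/proc/self/gid_map", map);
}

/* PID, mount and network namespaces. A fresh PID namespace applies to the
 * next child only, so the jailed device is forked afterwards and runs as
 * PID 1 (init) inside it; the mount namespace is where a pivot_root goes. */
int enter_isolation_ns(void) {
    return unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET);
}

/* PR_SET_NO_NEW_PRIVS: execve can no longer grant privileges (setuid, file
 * caps), and it is what lets an unprivileged process install seccomp next. */
int set_no_new_privs(void) {
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Cap open fds (soft and hard); lowering is irreversible without privilege. */
int limit_open_fds(rlim_t max_fds) {
    struct rlimit lim = { .rlim_cur = max_fds, .rlim_max = max_fds };
    return setrlimit(RLIMIT_NOFILE, &lim);
}
```

Call the functions in the order shown (user namespace first, then the other namespaces, then `PR_SET_NO_NEW_PRIVS`, then the rlimit) and fork the device process afterwards, which is the same shape `create_base_minijail` produces through the wrapper.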