diff options
| author | Matt Delco <delco@chromium.org> | 2019-11-13 08:05:55 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-11-16 10:29:04 +0000 |
| commit | 2da61323894c9c12d38fa18ed918987f297ea77d (patch) | |
| tree | a060c1cb901b4ccd787d6b8e6671de03caf1937b /io_jail/src/libminijail.rs | |
| parent | 8865c5b1951d3dc6dee7e164708b4ccc7f703de1 (diff) | |
| download | crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar.gz crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar.bz2 crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar.lz crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar.xz crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.tar.zst crosvm-2da61323894c9c12d38fa18ed918987f297ea77d.zip | |
io_jail: add additional apis
This change adds additional APIs that are present in the libminijail header file but not in the rust thunk. In particular it adds the API that allows pre-compiled bpf files to be used as a policy file. The native API lacks an API to specify a filename (it only provides an API to provide the contents of the file). BUG=None TEST=Local run of build_test to confirm that both .bpf and .policy files work in a subsequent change. Change-Id: I15510ffa857b501512f3f9905882545f407bcd78 Signed-off-by: Matt Delco <delco@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1914415 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'io_jail/src/libminijail.rs')
| -rw-r--r-- | io_jail/src/libminijail.rs | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/io_jail/src/libminijail.rs b/io_jail/src/libminijail.rs index 227e753..14175dc 100644 --- a/io_jail/src/libminijail.rs +++ b/io_jail/src/libminijail.rs @@ -3,7 +3,7 @@ // found in the LICENSE file. use libc::{gid_t, pid_t, rlim_t, uid_t}; -use std::os::raw::{c_char, c_int, c_ulong}; +use std::os::raw::{c_char, c_int, c_long, c_ulong}; /// Struct minijail is an opaque type inside libminijail. /// See the minijail man page for a description of functions. @@ -24,6 +24,7 @@ extern "C" { pub fn minijail_no_new_privs(j: *mut minijail); pub fn minijail_use_seccomp_filter(j: *mut minijail); pub fn minijail_set_seccomp_filter_tsync(j: *mut minijail); + pub fn minijail_set_seccomp_filters(j: *mut minijail, filter: *const net_sys::sock_fprog); pub fn minijail_parse_seccomp_filters(j: *mut minijail, path: *const c_char); pub fn minijail_parse_seccomp_filters_from_fd(j: *mut minijail, fd: c_int); pub fn minijail_log_seccomp_filter_failures(j: *mut minijail); @@ -31,16 +32,22 @@ extern "C" { pub fn minijail_capbset_drop(j: *mut minijail, capmask: u64); pub fn minijail_set_ambient_caps(j: *mut minijail); pub fn minijail_reset_signal_mask(j: *mut minijail); + pub fn minijail_reset_signal_handlers(j: *mut minijail); pub fn minijail_namespace_vfs(j: *mut minijail); pub fn minijail_namespace_enter_vfs(j: *mut minijail, ns_path: *const c_char); pub fn minijail_new_session_keyring(j: *mut minijail); + pub fn minijail_skip_setting_securebits(j: *mut minijail, securebits_skip_mask: u64); pub fn minijail_skip_remount_private(j: *mut minijail); + pub fn minijail_remount_mode(j: *mut minijail, mode: c_long); pub fn minijail_namespace_ipc(j: *mut minijail); + pub fn minijail_namespace_uts(j: *mut minijail); + pub fn minijail_namespace_set_hostname(j: *mut minijail, name: *const c_char) -> c_int; pub fn minijail_namespace_net(j: *mut minijail); pub fn minijail_namespace_enter_net(j: *mut minijail, ns_path: *const c_char); pub fn minijail_namespace_cgroups(j: *mut minijail); pub fn minijail_close_open_fds(j: *mut minijail); pub fn minijail_namespace_pids(j: *mut minijail); + pub fn minijail_namespace_pids_rw_proc(j: *mut minijail); pub fn minijail_namespace_user(j: *mut minijail); pub fn minijail_namespace_user_disable_setgroups(j: *mut minijail); pub fn minijail_uidmap(j: *mut minijail, uidmap: *const c_char) -> c_int; |