io_jail: allow mounting minimal set of devices

This plumbs in minijail_mount_dev() to allow mounting minimal set of
devices, such as full, zero, urandom, etc. in the jail.

BUG=b:117989168
TEST=cargo test -p io_jail

Change-Id: I072347a5eedab32d1fad6255c4e18e0242b9ac9f
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1447330
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>

2 files changed, 6 insertions, 0 deletions

diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index c50916e..53c6533 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -442,6 +442,11 @@ impl Minijail {
         }
         Ok(())
     }
+    pub fn mount_dev(&mut self) {
+        unsafe {
+            libminijail::minijail_mount_dev(self.jail);
+        }
+    }
     pub fn mount_tmp(&mut self) {
         unsafe {
             libminijail::minijail_mount_tmp(self.jail);
diff --git a/io_jail/src/libminijail.rs b/io_jail/src/libminijail.rs
index 8762721..6edacdc 100644
--- a/io_jail/src/libminijail.rs
+++ b/io_jail/src/libminijail.rs
@@ -56,6 +56,7 @@ extern "C" {
     pub fn minijail_enter_pivot_root(j: *mut minijail, dir: *const c_char) -> c_int;
     pub fn minijail_fork(j: *mut minijail) -> pid_t;
     pub fn minijail_get_original_path(j: *mut minijail, chroot_path: *const c_char) -> *mut c_char;
+    pub fn minijail_mount_dev(j: *mut minijail);
     pub fn minijail_mount_tmp(j: *mut minijail);
     pub fn minijail_mount_tmp_size(j: *mut minijail, size: usize);
     pub fn minijail_mount_with_data(