New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 697503 link

Starred by 1 user
Status: Assigned
Owner:
hychao@chromium.org
Cc:
vpalatin@chromium.org
hychao@chromium.org
vapier@chromium.org
h...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

jabra-vold should use linux namespaces to isolate itself

Project Member Reported by vapier@chromium.org, Mar 1 2017 
can we run the daemon under linux namespaces to further isolate itself ?

-e disables network access (i don't think jabra needs the network)
-l enter a new IPC namespace (i don't think jabra needs shared memory)
-v enter a new mount namespace (since jabra doesn't care about mounts)

i don't think -p (pid) would work since jabra manages its own pid to start/stop itself

Comment 1 by h...@chromium.org, Mar 7 2017

Cc: vpalatin@chromium.org
Owner: ----
sorry I'm not with Chrome OS team any more.

CC +vpalatin@

Comment 2 by vapier@chromium.org, Mar 7 2017

Owner: hychao@chromium.org

Comment 3 by benhenry@chromium.org, Aug 1

Status: Assigned (was: Untriaged)

Sign in to add a comment