debugd: Add SetCapabilities to SandboxedProcess |
||||
Issue descriptiondebugd's SandboxedProcess doesn't expose a way to set minijail capabilities. I'd like to set CAP_NET_ADMIN on iw for issue 723084 .
,
Jul 5 2017
,
Jul 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/ad7de4ec59af0afb0c7eee5f9121f35743e6acc2 commit ad7de4ec59af0afb0c7eee5f9121f35743e6acc2 Author: Edward Hill <ecgh@chromium.org> Date: Thu Jul 06 20:59:19 2017 debugd: Add SetCapabilities to SandboxedProcess Add a SetCapabilities method that adds a "-c <caps>" minijail0 argument, allowing the capabilities of the SandboxedProcess to be restricted. BUG= chromium:739400 TEST=debugd test TEST=use SandboxedProcess to run iw with CAP_NET_ADMIN Change-Id: I7ea94785a382128b30755013322e45cd16922782 Reviewed-on: https://chromium-review.googlesource.com/560536 Commit-Ready: Edward Hill <ecgh@chromium.org> Tested-by: Edward Hill <ecgh@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> [modify] https://crrev.com/ad7de4ec59af0afb0c7eee5f9121f35743e6acc2/debugd/src/sandboxed_process.cc [modify] https://crrev.com/ad7de4ec59af0afb0c7eee5f9121f35743e6acc2/debugd/src/sandboxed_process.h
,
Jul 6 2017
,
Mar 2 2018
closing this as verified |
||||
►
Sign in to add a comment |
||||
Comment 1 by ecgh@chromium.org
, Jul 5 2017