path: root/tools/aapt2/java/JavaClassGenerator.cpp
author: Luis Hector Chavez <lhchavez@google.com> 2017-07-12 10:03:30 -0700
committer: Luis Hector Chavez <lhchavez@google.com> 2017-08-16 08:21:58 -0700
commit: 72042c99a65b91fb701f1b13a0ba4b225769eece (patch)
tree: e48465b15b36513c58d600f3910e0148e7ac805c /tools/aapt2/java/JavaClassGenerator.cpp
parent: b279ec51b6e53396509848ce025f4bdbdd608da6 (diff)
Improve container capability bounding in containers
This change stops relying on the ro.boot.container property for dropping a subset of capabilities and instead relies on the effective capability mask of the Zygote process, prior to forking. When Android is running in a pid/mount/net/user namespace, even if a particular capability is present, some operations that require that capability check whether it is allowed in the init namespace (instead of in the current namespace), so they would fail even with the capability granted within the namespace. So, explicitly dropping the capabilities from the beginning allows for clearer signalling of which operations can be expected to work instead of failing silently for mysterious reasons.

Bug: 63579953
Test: aosp_bullhead-eng still boots
Test: Running Zygote without CAP_SYS_MODULE makes it such that system_server does not request it.
Change-Id: I1d18d13341bcc04e701fd14092e7e94961728620
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')
0 files changed, 0 insertions, 0 deletions