eclass: add devicejail user/group, cuse group

The cuse group will have access to /dev/cuse. We will
run device_jail and device_jail_fs as the device_jail
user in order to make sure we don't have root daemons
running around.

BUG=chromium:644338
TEST=build_packages, check /build/board

Change-Id: I6750ff0347d80558dc084ee30a5f227124496d24
Reviewed-on: https://chromium-review.googlesource.com/410061
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/profiles/base/accounts/group/cuse b/profiles/base/accounts/group/cuse
new file mode 100644
index 0000000..4cf0ae2
--- /dev/null
+++ b/profiles/base/accounts/group/cuse
@@ -0,0 +1,3 @@
+group:cuse
+gid:606
+users:devicejail
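Review bot: `users:devicejail` puts the single shared account into `cuse`, and the commit message says both device_jail and device_jail_fs run as that account, so both daemons gain access to /dev/cuse. If only one of them needs to create CUSE devices, consider giving it its own account so the other does not inherit that access. This patch also only defines the group; the ownership and mode of /dev/cuse are not set here, so the commit message should point at the change that does that.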
diff --git a/profiles/base/accounts/group/devicejail b/profiles/base/accounts/group/devicejail
new file mode 100644
index 0000000..e20bcdd
--- /dev/null
+++ b/profiles/base/accounts/group/devicejail
@@ -0,0 +1,3 @@
+group:devicejail
+gid:283
+users:
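Review bot: the commit message explains what `cuse` grants but not what the `devicejail` group is meant to own or gate; a sentence stating its purpose would help later audits of group membership. The empty `users:` line is consistent with the user file setting `gid:283` as the primary group, so no supplementary members are needed.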
diff --git a/profiles/base/accounts/user/devicejail b/profiles/base/accounts/user/devicejail
new file mode 100644
index 0000000..7dba4af
--- /dev/null
+++ b/profiles/base/accounts/user/devicejail
@@ -0,0 +1,6 @@
+user:devicejail
+uid:283
+gid:283
+gecos:device sandbox user
+home:/dev/null
+shell:/bin/false
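Review bot: the account is created as `user:devicejail`, but the commit message says the daemons run as the "device_jail" user; please make the message match the name defined here so that init scripts and searches use the right string. `gecos:device sandbox user` could also name the two daemons that use the account. `home:/dev/null` and `shell:/bin/false` look appropriate for a non-login daemon account.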