commit c6206d52712673e25adde3e00a3c7517aade5cd0
author Mike Frysinger <vapier@chromium.org> Thu Mar 09 16:46:05 2017 -0500
committer chrome-bot <chrome-bot@chromium.org> Tue Oct 17 23:14:19 2017 -0700
tree 617632fe2cdf8669693ef6e130915374cb0baf97
parent 22b78c7f2d1b6d5dc040d53e4c949b6ff0c891d6

init: run syslog in a net namespace

Since syslog shouldn't need access to the network, put it into a
namespace without any access.

BUG=chromium:764455
TEST=precq passes still

Change-Id: Ib5b838833e73499547e2fde1610d145097f100ea
Reviewed-on: https://chromium-review.googlesource.com/664002
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

init/upstart/syslog.conf

diff --git a/init/upstart/syslog.conf b/init/upstart/syslog.conf
index acc0039..66cb764 100644
--- a/init/upstart/syslog.conf
+++ b/init/upstart/syslog.conf
@@ -32,7 +32,7 @@
 # to use syslog which would fail.  That's why we don't bother using daemon mode
 # (we pass -n), and why we need the poll command below.
 # See this report for more details: https://crbug.com/702794#27
-exec /sbin/minijail0 -l --uts -i \
+exec /sbin/minijail0 -l --uts -i -e \
      /usr/sbin/rsyslogd -n -f /etc/rsyslog.chromeos
 
 # See above comment for why we need to poll ourselves.