tree b782c0642667adc350f28b30125ee19eba1c8ec3
parent 7d523a97b784be330a928226fcca85968a5a22d7
author Jorge Lucangeli Obes <jorgelo@chromium.org> 1654531410 -0400
committer Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> 1658153516 +0000

[M96-LTS] authpolicyd: Use /mnt/empty for pivot_root.

/tmp is writable so can be affected by the rest of the system. The
recommendation is to use /mnt/empty for pivot_root.

This was added initially in
https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1113917
which was not actually reviewed by the security team.

This should cause no functional changes since what's needed for
pivot_root is just an empty directory.

BUG=chromium:1330050
TEST=CQ

Change-Id: I0d82855132809ed57a1f0e827acda997193dadc6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3686275
Commit-Queue: Felipe Andrade <fsandrade@chromium.org>
Auto-Submit: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
(cherry picked from commit 2bbb8829c458193eba66bec1ad0e26711112e98c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3758083
Tested-by: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Simon Hangl <simonha@google.com>
Owners-Override: Simon Hangl <simonha@google.com>