power_manager/minijail/powerd.conf - third_party/platform2 - Git at Google

 % minijail-config-file v0

 # Grant the following capabilities to powerd:
 # CAP_WAKE_ALARM - Required by powerd to set wake up alarms for the instance.
 #
 # The -B 0x3 flag instructs Minijail to skip setting and locking the
 # SECURE_NOROOT securebit. This allows powerd_setuid_helper, which is forked and
 # exec'ed from powerd, to run as (root:power) with all effective capabilities
 # after it calls setuid(2).

 u = power
 c = 0x800000000
 ambient
 g = power
 B = 0x3
 G
 i
 no-default-runtime-environment
	% minijail-config-file v0

	# Grant the following capabilities to powerd:
	# CAP_WAKE_ALARM - Required by powerd to set wake up alarms for the instance.
	#
	# The -B 0x3 flag instructs Minijail to skip setting and locking the
	# SECURE_NOROOT securebit. This allows powerd_setuid_helper, which is forked and
	# exec'ed from powerd, to run as (root:power) with all effective capabilities
	# after it calls setuid(2).

	u = power
	c = 0x800000000
	ambient
	g = power
	B = 0x3
	G
	i
	no-default-runtime-environment