arc/setup/init/minijail/arcvm-prepare-virtio-fs-data.conf - third_party/platform2 - Git at Google

 % minijail-config-file v0

 # Copyright 2024 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Run in the concierge name space since the job mounts /data on /run/arcvm
 # to make it visibile to vm_concierge.
 # This means that the job needs to run after the namespace is created by
 # vm_concierge.conf, which is guaranteed by ArcVmClientAdapter in Chrome.

 c = cap_dac_override,cap_dac_read_search,cap_chown,cap_fowner,cap_sys_admin+eip
 uts
 e
 l
 N
 p
 K
 ns-mount
 V = /run/namespaces/mnt_concierge
	% minijail-config-file v0

	# Copyright 2024 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Run in the concierge name space since the job mounts /data on /run/arcvm
	# to make it visibile to vm_concierge.
	# This means that the job needs to run after the namespace is created by
	# vm_concierge.conf, which is guaranteed by ArcVmClientAdapter in Chrome.

	c = cap_dac_override,cap_dac_read_search,cap_chown,cap_fowner,cap_sys_admin+eip
	uts
	e
	l
	N
	p
	K
	ns-mount
	V = /run/namespaces/mnt_concierge