spaced/minijail/spaced.conf - third_party/platform2 - Git at Google

 % minijail-config-file v0

 # Used minijail options:
 #   -e: new network namespace.
 #   -i: minijail0 exits right after forking.
 #   --uts: enters new UTS namespace. It makes changes to the host/domain
 #     name not affect the rest of the system.
 #   -N: new cgroup namespace.
 #   -u: change userid to <user>
 #   -g: change gid to <group>
 #   -G: inherit supplementary groups from new uid.
 #   -c: grant capabilities for lvm2 utils to access dm devices and create
 #       lock files.
 #   -n: set no new privileges (no_new_privs bit).
 #   --seccomp-bpf-binary: use the spaced seccomp policy

 e
 i
 uts
 N
 u = spaced
 g = spaced
 G
 c = cap_dac_override,cap_fowner,cap_sys_admin+eip
 ambient
 n
 seccomp-bpf-binary = /usr/share/policy/spaced-seccomp.policy.bpf
	% minijail-config-file v0

	# Used minijail options:
	# -e: new network namespace.
	# -i: minijail0 exits right after forking.
	# --uts: enters new UTS namespace. It makes changes to the host/domain
	# name not affect the rest of the system.
	# -N: new cgroup namespace.
	# -u: change userid to <user>
	# -g: change gid to <group>
	# -G: inherit supplementary groups from new uid.
	# -c: grant capabilities for lvm2 utils to access dm devices and create
	# lock files.
	# -n: set no new privileges (no_new_privs bit).
	# --seccomp-bpf-binary: use the spaced seccomp policy

	e
	i
	uts
	N
	u = spaced
	g = spaced
	G
	c = cap_dac_override,cap_fowner,cap_sys_admin+eip
	ambient
	n
	seccomp-bpf-binary = /usr/share/policy/spaced-seccomp.policy.bpf