% minijail-config-file v0
# Copyright 2024 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Minijail sandbox configuration. The process is confined with new
# namespaces, a seccomp policy and the unprivileged mini_udisks user/group.
# The "% minijail-config-file v0" marker above has to remain the first line
# of the file for minijail to accept it as a config file.
# Each directive below is the config-file spelling of a minijail0 option.
#
# Namespaces:
# Enter new network namespace.
# The sandbox has no access to the host's network interfaces.
e
# Enter new IPC namespace.
l
# Enter new cgroup namespace.
N
# Enter new pid namespace.
# Processes outside the sandbox are not visible from inside it.
p
# Enter new UTS/hostname namespace.
uts
# Set up a minimalistic mount namespace.
# NOTE(review): the exact mounts this profile provides depend on the
# minijail version in use; confirm that nothing beyond the mounts listed at
# the bottom of this file is writable inside the sandbox.
profile=minimalistic-mountns
# Set no_new_privs.
# Execve of setuid or file-capability binaries can no longer grant extra
# privileges, and the kernel requires this bit before an unprivileged
# process may install a seccomp filter.
n
# Enable seccomp policy.
# The policy file is not part of this config; it defines which syscalls the
# process may make and should be reviewed together with this file.
S = /usr/share/policy/mini_udisks-seccomp.policy
# Set user and group.
# Runs as the dedicated mini_udisks account instead of root.
u = mini_udisks
g = mini_udisks
# Mounts:
# Mount tmpfs at /run.
# Fields: source,destination,fstype,mount flags,mount data. The flags
# forbid device nodes, execution and setuid binaries on this tmpfs, and
# size=10M caps how much memory it can consume.
# This line must stay ahead of the bind mount below, which is placed on
# top of this tmpfs (presumably minijail applies mounts in file order;
# confirm before reordering).
mount = /run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M
# Allow D-Bus.
# No writable flag is given, so the bind mount is read-only by default;
# connecting to a socket does not need a writable mount. A path-based Unix
# socket stays reachable despite the new network namespace, so what the
# process may do over the bus is limited by D-Bus policy, not by this file.
# NOTE(review): confirm that the bus policy for mini_udisks only permits
# the names and methods it needs.
bind-mount = /run/dbus