| % minijail-config-file v0 | |
| # - shadercached does not enter any new namespace because it needs to bind mount | |
| # dlc contents into /run/daemon-store/crosvm/... directory. | |
| # - cap_sys_admin required to mount DLC contents into Borealis VM gpu cache | |
| # - --uts -e -l -N set as per Sandboxing recommendations, see minijail0 manual | |
| # for details | |
| u = shadercached | |
| g = shadercached | |
| G | |
| c = cap_sys_admin+eip | |
| ambient | |
| uts | |
| e | |
| l | |
| N | |
| i |