c4c764b59281d9299ea22a91b4be0d807f4f11c8 - aosp/platform/system/attestation

commit	c4c764b59281d9299ea22a91b4be0d807f4f11c8	[log] [tgz]
author	Utkarsh Sanghi <usanghi@chromium.org>	Wed May 27 17:23:58 2015
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	Wed Jun 03 21:01:27 2015
tree	386502438b615e98ee987bbac6dd9e2d2ef2ff36
parent	62a38eae41f6dbced3454c2d8bcbbb8ca08e3851 [diff]

attestation: enable minijail sandboxing

This CL makes attestation daemon run inside a minijail
sandbox, under the attestation user. This CL also defines the
seccomp policy for amd64 architecture.

BUG=brillo:913
TEST=run attestationd on a DUT
TEST=attestation_client create_and_certify && attestation_client sign

Change-Id: I407b62f6e1e8719799d2fff61d4dbfba93fe39c8
Reviewed-on: https://chromium-review.googlesource.com/273592
Trybot-Ready: Utkarsh Sanghi <usanghi@chromium.org>
Tested-by: Utkarsh Sanghi <usanghi@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org>

attestation.gyp[diff]
server/attestationd-seccomp-amd64.policy[diff]
server/main.cc[diff]
server/org.chromium.Attestation.conf[diff]

4 files changed

tree: 386502438b615e98ee987bbac6dd9e2d2ef2ff36

client/
common/
server/
attestation.gyp
attestation_testrunner.cc
OWNERS