attestation: enable minijail sandboxing
This CL makes attestation daemon run inside a minijail
sandbox, under the attestation user. This CL also defines the
seccomp policy for amd64 architecture.
BUG=brillo:913
TEST=run attestationd on a DUT
TEST=attestation_client create_and_certify && attestation_client sign
Change-Id: I407b62f6e1e8719799d2fff61d4dbfba93fe39c8
Reviewed-on: https://chromium-review.googlesource.com/273592
Trybot-Ready: Utkarsh Sanghi <usanghi@chromium.org>
Tested-by: Utkarsh Sanghi <usanghi@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org>
4 files changed