Minijail: Running Untrusted Programs Safely
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the intricacies of Minijail, a powerful sandboxing and containment tool, in this informative 38-minute conference talk by Jorge Lucangeli Obes from Google. Delve into the various Linux kernel features for sandboxing, containment, and privilege-dropping, and learn how Minijail leverages these capabilities to create secure environments for executing untrusted code. Discover Minijail's widespread use across Google platforms, including Chrome OS, Android, and server environments like ClusterFuzz. Gain insights into its applications outside of Google, such as in coding competitions and build farms. Explore the implementation of a containerized version of Android in Chrome OS, allowing native execution of Android applications. Benefit from Jorge's expertise as the platform security lead for Brillo and his experience with Chrome OS security as he covers topics including capabilities, policies, file system and process capabilities, namespaces, and Android integration.
Syllabus
Introduction
Why Minijail
The Problem
Capabilities
Policies
File System Capabilities
Process Capabilities
namespaces
Pin namespace
User names
Android
Acknowledgements
Questions
Taught by
Linux Foundation
Tags
Related Courses
Designing Beautiful Apps for Foldables and Large ScreensAndroid Developers via YouTube New Features for Large Screens and Foldables in Android and ChromeOS
Android Developers via YouTube Chrome OS Accessibility for Android Developers
Android Developers via YouTube Adapting Android Games Beyond Mobile Devices
Android Developers via YouTube Building Android Apps for Chrome OS Ecosystem
Android Developers via YouTube