Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

Minijail: Running Untrusted Programs Safely

Linux Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of Minijail, a powerful sandboxing and containment tool, in this informative 38-minute conference talk by Jorge Lucangeli Obes from Google. Delve into the various Linux kernel features for sandboxing, containment, and privilege-dropping, and learn how Minijail leverages these capabilities to create secure environments for executing untrusted code. Discover Minijail's widespread use across Google platforms, including Chrome OS, Android, and server environments like ClusterFuzz. Gain insights into its applications outside of Google, such as in coding competitions and build farms. Explore the implementation of a containerized version of Android in Chrome OS, allowing native execution of Android applications. Benefit from Jorge's expertise as the platform security lead for Brillo and his experience with Chrome OS security as he covers topics including capabilities, policies, file system and process capabilities, namespaces, and Android integration.

Syllabus

Introduction
Why Minijail
The Problem
Capabilities
Policies
File System Capabilities
Process Capabilities
namespaces
Pin namespace
User names
Android
Acknowledgements
Questions

Taught by

Linux Foundation

Reviews

Start your review of Minijail: Running Untrusted Programs Safely

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.