Fix nested minijail0 execution We've got an internal testcase that uses minijail0 inside an Android.mk rule. That was failing since we turned on the linux sandbox, as /proc was mounted read-only, which prevented setting up the uid/gid mappings for a child namespace. Fixes: 122985455 Test: treehugger & forrest of breaking build Change-Id: Ia77a91a7f4eeeb8a24e84075d8272287f5087587

commit: 3a4dbd651f060a0cf091a314ad354b9e3714e9d9 [log] [tgz]
author: Dan Willemsen <dwillemsen@google.com> Wed Jan 16 23:02:24 2019 -0800
committer: Dan Willemsen <dwillemsen@google.com> Wed Jan 16 23:04:16 2019 -0800
tree: 1d8ec19f629568809dc089d0e136ce54c3bc949d
parent: c22c1bf130a7c60c193aece472eab2ae648a1fcb [diff] [blame]
diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go
index f77eebb..85c4a9a 100644
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go

@@ -127,6 +127,9 @@
 		// in soong_ui
 		"-e",
 
+		// Mount /proc read-write, necessary to run a nested nsjail or minijail0
+		"--proc_rw",
+
 		// Use a consistent user & group.
 		// Note that these are mapped back to the real UID/GID when
 		// doing filesystem operations, so they're rather arbitrary.
commit	3a4dbd651f060a0cf091a314ad354b9e3714e9d9	[log] [tgz]
author	Dan Willemsen <dwillemsen@google.com>	Wed Jan 16 23:02:24 2019 -0800
committer	Dan Willemsen <dwillemsen@google.com>	Wed Jan 16 23:04:16 2019 -0800
tree	1d8ec19f629568809dc089d0e136ce54c3bc949d
parent	c22c1bf130a7c60c193aece472eab2ae648a1fcb [diff] [blame]