sandboxing and containment tool used in ChromeOS and Android



Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.


The Minijail homepage:

The main repo:

With a read-only mirror for people to fork:

There might be other copies floating around, but those are the official ones!

Getting the code


Releases are tagged as linux-vXX:

Latest Development

You’re one git clone away from happiness.

$ git clone
$ cd minijail


Check out the minijail0(1) and minijail0(5) online man pages for more details about using Minijail.

See the tools/ document for info about extra tools we provide to help with development.

The following talk serves as a good introduction to Minijail and how it can be used (video, slides).

The ChromiumOS project has a comprehensive sandboxing guide that is largely based on Minijail.


Just run make and you’re good to go!

If that doesn’t work out, please see the document for more details.


Here are a few simple examples. Check out the docs above for way more in-depth use.

Change root to any user

# id
uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
# minijail0 -u jorgelo -g 5000 /usr/bin/id
uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)

Drop root while keeping some capabilities

# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
Name: cat
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000
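
One way to check the result of a run like the one above, as an added example that is not part of the Minijail project: this Python script parses `/proc/<pid>/status` text, decodes each capability mask into names, and reports any capability set holding bits outside an allowed mask. The function names and the `LEAKY` sample are constructed for illustration; the bit numbering is the one in Linux's `<linux/capability.h>`.

```python
import re

# Linux capability names from <linux/capability.h>, indexed by bit position.
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

CAP_SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

def decode(mask):
    """Return the capability names set in a mask, lowest bit first."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"cap_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def parse_status(text):
    """Extract the Cap* masks from /proc/<pid>/status text as integers."""
    found = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", text, re.M)
    return {name: int(value, 16) for name, value in found if name in CAP_SETS}

def audit(text, allowed_mask):
    """Map each set that exceeds allowed_mask to its unexpected capabilities."""
    sets = parse_status(text)
    if not sets:
        raise ValueError("no Cap* lines found in status text")
    return {name: decode(mask & ~allowed_mask)
            for name, mask in sets.items() if mask & ~allowed_mask}

# Output of the minijail0 -c 3000 example above.
JAILED = """Name: cat
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000
"""
# Constructed sample: the bounding set also holds CAP_SYS_ADMIN (bit 21).
LEAKY = JAILED.replace("CapBnd: 0000000000003000", "CapBnd: 0000000000203000")

if __name__ == "__main__":
    print(decode(0x3000))         # names behind the mask kept by -c 3000
    print(audit(JAILED, 0x3000))  # empty dict: no set exceeds the mask
    print(audit(LEAKY, 0x3000))   # flags the extra bit in CapBnd
```

To audit a live process, pass the contents of `/proc/<pid>/status` to `audit()` along with the mask you intended to keep.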


We’ve got a couple of contact points.