Merge "Add missing options to minijail(1) manpage"
diff --git a/libminijail.c b/libminijail.c
index be6da23..2927b62 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1092,7 +1092,7 @@
/*
* Keep the fd for both old and new root.
- * It will be used in fchdir later.
+ * It will be used in fchdir(2) later.
*/
oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
if (oldroot < 0)
@@ -1102,7 +1102,7 @@
pdie("failed to open %s for fchdir", j->chrootdir);
/*
- * To ensure chrootdir is the root of a file system,
+ * To ensure j->chrootdir is the root of a filesystem,
* do a self bind mount.
*/
if (mount(j->chrootdir, j->chrootdir, "bind", MS_BIND | MS_REC, ""))
@@ -1113,11 +1113,23 @@
pdie("pivot_root");
/*
- * Now the old root is mounted on top of the new root. Use fchdir to
+ * Now the old root is mounted on top of the new root. Use fchdir(2) to
* change to the old root and unmount it.
*/
if (fchdir(oldroot))
pdie("failed to fchdir to old /");
+
+ /*
+ * If j->flags.skip_remount_private was enabled for minijail_enter(), there
+ * could be a shared mount point under |oldroot|. In that case, mounts
+ * under this shared mount point will be unmounted below, and this
+ * unmounting will propagate to the original mount namespace (because the
+ * mount point is shared). To prevent this unexpected unmounting, remove
+ * these mounts from their peer groups by recursively remounting them as
+ * MS_PRIVATE.
+ */
+ if (mount(NULL, ".", NULL, MS_REC | MS_PRIVATE, NULL))
+ pdie("failed to mount(/, private) before umount(/)");
/* The old root might be busy, so use lazy unmount. */
if (umount2(".", MNT_DETACH))
pdie("umount(/)");
