[minijail] don't forget to enter pid namespace minijail_preexec() clears the pid namespace flag. Oops. BUG=chromium-os:31862 TEST=adhoc,security_Minijail0 minijail0 -p /bin/ps should show ps as pid 2 Change-Id: I269805d0efb1d7c768420d3708ae1e93c6fa6a31 Signed-off-by: Elly Jones <ellyjones@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/25300 Reviewed-by: Jim Hebert <jimhebert@chromium.org>

commit: a05d7bbb4072142e2bfb34310ad08c9dfb1ebbbf [log] [tgz]
author: Elly Jones <ellyjones@chromium.org> Thu Jun 14 14:09:27 2012 -0400
committer: Gerrit <chrome-bot@google.com> Thu Jun 14 12:18:40 2012 -0700
tree: 1342350ca72a9d2f38877f213838e45a654e0347
parent: 761b74101442568efb4f35ef0d9e8c98bfa5d350 [diff]
diff --git a/libminijail.c b/libminijail.c
index 1f7ac9d..51a5300 100644
--- a/libminijail.c
+++ b/libminijail.c

@@ -812,6 +812,8 @@
 	pid_t child_pid;
 	int pipe_fds[2];
 	int ret;
+	/* We need to remember this across the minijail_preexec() call. */
+	int pid_namespace = j->flags.pids;
 
 	oldenv = getenv(kLdPreloadEnvVar);
 	if (oldenv) {
@@ -870,7 +872,7 @@
 	 * problem is fixable or not. It would be nice if we worked in this
 	 * case.
 	 */
-	if (j->flags.pids)
+	if (pid_namespace)
 		child_pid = syscall(SYS_clone, CLONE_NEWPID | SIGCHLD, NULL);
 	else
 		child_pid = fork();
@@ -908,7 +910,7 @@
 	/* Jail this process and its descendants... */
 	minijail_enter(j);
 
-	if (j->flags.pids) {
+	if (pid_namespace) {
 		/*
 		 * pid namespace: this process will become init inside the new
 		 * namespace, so fork off a child to actually run the program
commit	a05d7bbb4072142e2bfb34310ad08c9dfb1ebbbf	[log] [tgz]
author	Elly Jones <ellyjones@chromium.org>	Thu Jun 14 14:09:27 2012 -0400
committer	Gerrit <chrome-bot@google.com>	Thu Jun 14 12:18:40 2012 -0700
tree	1342350ca72a9d2f38877f213838e45a654e0347
parent	761b74101442568efb4f35ef0d9e8c98bfa5d350 [diff]