Merge "Remove dead minijail_disable_ptrace() declaration."
diff --git a/libminijail.c b/libminijail.c
index be6da23..2927b62 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1092,7 +1092,7 @@
 
 	/*
 	 * Keep the fd for both old and new root.
-	 * It will be used in fchdir later.
+	 * It will be used in fchdir(2) later.
 	 */
 	oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
 	if (oldroot < 0)
@@ -1102,7 +1102,7 @@
 		pdie("failed to open %s for fchdir", j->chrootdir);
 
 	/*
-	 * To ensure chrootdir is the root of a file system,
+	 * To ensure j->chrootdir is the root of a filesystem,
 	 * do a self bind mount.
 	 */
 	if (mount(j->chrootdir, j->chrootdir, "bind", MS_BIND | MS_REC, ""))
@@ -1113,11 +1113,23 @@
 		pdie("pivot_root");
 
 	/*
-	 * Now the old root is mounted on top of the new root. Use fchdir to
+	 * Now the old root is mounted on top of the new root. Use fchdir(2) to
 	 * change to the old root and unmount it.
 	 */
 	if (fchdir(oldroot))
 		pdie("failed to fchdir to old /");
+
+	/*
+	 * If j->flags.skip_remount_private was enabled for minijail_enter(), there
+	 * could be a shared mount point under |oldroot|. In that case, mounts
+	 * under this shared mount point will be unmounted below, and this
+	 * unmounting will propagate to the original mount namespace (because the
+	 * mount point is shared). To prevent this unexpected unmounting, remove
+	 * these mounts from their peer groups by recursively remounting them as
+	 * MS_PRIVATE.
+	 */
+	if (mount(NULL, ".", NULL, MS_REC | MS_PRIVATE, NULL))
+		pdie("failed to mount(/, private) before umount(/)");
 	/* The old root might be busy, so use lazy unmount. */
 	if (umount2(".", MNT_DETACH))
 		pdie("umount(/)");
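Review bot: The MS_REC | MS_PRIVATE remount added on line 44 runs unconditionally, while the comment above it motivates it only for the case where skip_remount_private was enabled; re-marking an already-private mount as private should be harmless, but the comment ought to say that this is intentional, e.g. `* This is done unconditionally: making an already-private mount private is a no-op.` The new block is preceded by a blank line (line 34) but runs straight into the existing "The old root might be busy" comment on line 46, so a blank line after the pdie() on line 45 would match the surrounding spacing. The enclosing function starts and ends outside the hunk.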
diff --git a/minijail0.1 b/minijail0.1
index 8d7e188..685b6a6 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -51,6 +51,9 @@
 (Other direct numbers may be specified if minijail0 is not in sync with the
  host kernel or something like 32/64-bit compatibility issues exist.)
 .TP
+\fB-I\fR
+Run \fIprogram\fR as init (pid 1) inside a new pid namespace (implies \fB-p\fR).
+.TP
 \fB-k <src>,<dest>,<type>[,<flags>]\fR
 Mount \fIsrc\fR, a \fItype\fR filesystem, into the chroot directory at \fIdest\fR, with optional \fIflags\fR.
 .TP
@@ -63,6 +66,11 @@
 Run inside a new IPC namespace. This option makes the program's System V IPC
 namespace independent.
 .TP
+\fB-L\fR
+Report blocked syscalls to syslog when using seccomp filter. This option will
+force certain syscalls to be allowed in order to achieve this, depending on the
+system.
+.TP
 \fB-m "<uid> <loweruid> <count>[,<uid> <loweruid> <count>]"\fR
 Set the uid mapping of a user namespace (implies \fB-pU\fR). Same arguments as
 \fBnewuidmap(1)\fR. Multiple mappings should be separated by ','.
@@ -71,6 +79,10 @@
 Set the gid mapping of a user namespace (implies \fB-pU\fR). Same arguments as
 \fBnewgidmap(1)\fR. Multiple mappings should be separated by ','.
 .TP
+\fB-n\fR
+Set the process's \fIno_new_privs\fR bit. See \fBprctl(2)\fR and the kernel
+source file \fIDocumentation/prctl/no_new_privs.txt\fR for more info.
+.TP
 \fB-p\fR
 Run inside a new PID namespace. This option will make it impossible for the
 program to see or affect processes that are not its descendants. This implies
@@ -108,6 +120,9 @@
 Change users to \fIuser\fR, which may be either a user name or a numeric user
 ID.
 .TP
+\fB-U\fR
+Enter a new user namespace (implies \fB-p\fR).
+.TP
 \fB-v\fR
 Run inside a new VFS namespace. This option makes the program's mountpoints
 independent of the rest of the system's.
diff --git a/minijail0.c b/minijail0.c
index f3caeac..300e921 100644
--- a/minijail0.c
+++ b/minijail0.c
@@ -145,7 +145,7 @@
 	       "  -T <type>:  Don't access <program> before execve(2), assume <type> ELF binary.\n"
 	       "              <type> must be 'static' or 'dynamic'.\n"
 	       "  -u <user>:  Change uid to <user>.\n"
-	       "  -U          Enter new user namespace (implies -p).\n"
+	       "  -U:         Enter new user namespace (implies -p).\n"
 	       "  -v:         Enter new mount namespace.\n"
 	       "  -V <file>:  Enter specified mount namespace.\n");
 }