Google Git
Sign in
gfiber / vendor / google / minijail / 805be39fcbce5eb1c827d8a9d59d0aa3748a1fd8
commit805be39fcbce5eb1c827d8a9d59d0aa3748a1fd8[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@google.com>Mon Oct 12 15:55:59 2015 -0700
committerJorge Lucangeli Obes <jorgelo@google.com>Mon Oct 12 15:55:59 2015 -0700
treeb1b63e3ad3cecdc070d1309c482b0e140d3b0ee1
parent68db15cc2ea5b8314b4c8f7f3920423aeb5e25eb [diff]
Make Minijail work correctly with shared mounts.

This fixes some problems that appear when system booted with systemd.
Systemd sets all mounts to shared. This means that when minijail0 creates
mount namespace new mounts will propogate out of that namespace.

This change fixes that by setting all mounts to private right after
creating new namespace.
Also when remounting /proc it unmounts it lazily, as normal umount()
may fail when shared mounts are enabled.

More information about shared mounts:
https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

(Original patch by Andrey Ulanov <andreyu@google.com> at
https://chromium-review.googlesource.com/303158)

Change-Id: I0ff5851dba32524bd6c4ad663b67826fb9be0485
1 file changed
tree: b1b63e3ad3cecdc070d1309c482b0e140d3b0ee1
  1. test/
  2. Android.mk
  3. arch.h
  4. bpf.c
  5. bpf.h
  6. common.mk
  7. CPPLINT.cfg
  8. elfparse.c
  9. elfparse.h
  10. gen_constants.sh
  11. gen_syscalls.sh
  12. libconstants.h
  13. libminijail-private.h
  14. libminijail.c
  15. libminijail.h
  16. libminijail.pc.in
  17. libminijail_unittest.c
  18. libminijailpreload.c
  19. libsyscalls.h
  20. Makefile
  21. minijail0.1
  22. minijail0.5
  23. minijail0.c
  24. MODULE_LICENSE_BSD
  25. NOTICE
  26. OWNERS
  27. platform2_preinstall.sh
  28. PRESUBMIT.cfg
  29. signal_handler.c
  30. signal_handler.h
  31. syscall_filter.c
  32. syscall_filter.h
  33. syscall_filter_unittest.c
  34. test_harness.h
  35. util.c
  36. util.h