mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Move root chdir to namespace setup
PiperOrigin-RevId: 258361265 Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426
parent
418ad07086
commit
2349325e2b
|
@ -175,7 +175,6 @@ static void RunInitProcess(int signaling_fd, std::set<int> open_fds) {
|
||||||
SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
|
SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
|
||||||
return;
|
return;
|
||||||
} else if (child > 0) {
|
} else if (child > 0) {
|
||||||
SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
|
|
||||||
if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
|
if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
|
||||||
SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
|
SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
|
||||||
}
|
}
|
||||||
|
|
|
@ -249,6 +249,7 @@ void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
|
||||||
syscall(__NR_pivot_root, kSandbox2ChrootPath, kSandbox2ChrootPath) != -1,
|
syscall(__NR_pivot_root, kSandbox2ChrootPath, kSandbox2ChrootPath) != -1,
|
||||||
"pivot root");
|
"pivot root");
|
||||||
SAPI_RAW_PCHECK(umount2("/", MNT_DETACH) != -1, "detaching old root");
|
SAPI_RAW_PCHECK(umount2("/", MNT_DETACH) != -1, "detaching old root");
|
||||||
|
SAPI_RAW_PCHECK(chdir("/") == 0, "changing cwd after pivot_root failed");
|
||||||
|
|
||||||
if (SAPI_VLOG_IS_ON(2)) {
|
if (SAPI_VLOG_IS_ON(2)) {
|
||||||
SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");
|
SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");
|
||||||
|
|
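Review bot: The added `chdir("/")` after `umount2("/", MNT_DETACH)` is now the only place the working directory is reset, and nothing in the hunk records why it must follow the detach or that it replaces the call removed from RunInitProcess in the first hunk. Until this call runs, the cwd can still refer to a directory under the old root, which leaves a relative-path handle to the filesystem outside the sandbox. I would add a comment such as `// Reset cwd only after the old root is detached; a cwd left under the old root keeps the pre-pivot filesystem reachable.` The removed call ran for every init process, while this one runs only where InitializeNamespaces reaches the pivot_root path. The rest of the function is outside the hunk, so please confirm that no configuration (possibly one that skips mount-namespace setup) now leaves init with the inherited cwd.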