StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Move root chdir to namespace setup

Browse Source 
PiperOrigin-RevId: 258361265
Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426
This commit is contained in:
Wiktor Garbacz 2019-07-16 07:12:57 -07:00 committed by Copybara-Service
parent 418ad07086
commit 2349325e2b
2 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sandboxed_api/sandbox2/forkserver.cc
View File

@ -175,7 +175,6 @@ static void RunInitProcess(int signaling_fd, std::set<int> open_fds) {
SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
return;
} else if (child > 0) {
SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
}

1
sandboxed_api/sandbox2/namespace.cc
View File

@ -249,6 +249,7 @@ void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
syscall(__NR_pivot_root, kSandbox2ChrootPath, kSandbox2ChrootPath) != -1,
"pivot root");
SAPI_RAW_PCHECK(umount2("/", MNT_DETACH) != -1, "detaching old root");
SAPI_RAW_PCHECK(chdir("/") == 0, "changing cwd after pivot_root failed");
if (SAPI_VLOG_IS_ON(2)) {
SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");