StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Change mount propagation to private

Browse Source 
PiperOrigin-RevId: 289639932
Change-Id: Iac976134d5f43dcdfe895446d7caab463cc70d1a
This commit is contained in:
Wiktor Garbacz 2020-01-14 06:31:53 -08:00 committed by Copybara-Service
parent 18776b6f16
commit c2bd47e978
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sandboxed_api/sandbox2/namespace.cc
View File

@ -322,6 +322,9 @@ void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
SAPI_RAW_PCHECK(chdir("/") == 0,
"changing cwd after mntns initialization failed");
SAPI_RAW_PCHECK(mount("/", "/", "", MS_PRIVATE | MS_REC, nullptr) == 0,
"changing mount propagation to private failed");
if (SAPI_VLOG_IS_ON(2)) {
SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");
LogFilesystem("/");