emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #196 from Duncaen/xbps-uchroot

Browse Source 
xbps-uchroot: umount chroot mounts
This commit is contained in:
Juan RP 2017-02-19 02:44:43 +01:00 committed by GitHub
commit a53bcef00b
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bin/xbps-uchroot/main.c
View File

@ -349,7 +349,7 @@ main(int argc, char **argv)
container_flags = clone_flags & ~(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID); container_flags = clone_flags & ~(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID);
/* Issue the clone(2) syscall with our settings */ /* Issue the clone(2) syscall with our settings */
if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1 || if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1 &&
(child = syscall(__NR_clone, container_flags, NULL)) == -1) (child = syscall(__NR_clone, container_flags, NULL)) == -1)
die("clone"); die("clone");
@ -364,6 +364,13 @@ main(int argc, char **argv)
SECBIT_NOROOT|SECBIT_NOROOT_LOCKED) == -1) { SECBIT_NOROOT|SECBIT_NOROOT_LOCKED) == -1) {
die("prctl SECBIT_NOROOT"); die("prctl SECBIT_NOROOT");
} }
/* mount as private, systemd mounts it as shared by default */
if (mount(NULL, "/", "none", MS_PRIVATE|MS_REC, NULL) == -1)
die("Failed to mount / private");
if (mount(NULL, "/", "none", MS_PRIVATE|MS_REMOUNT|MS_NOSUID, NULL) == -1)
die("Failed to remount /");
/* setup our overlayfs if set */ /* setup our overlayfs if set */
if (overlayfs) if (overlayfs)
chrootdir = setup_overlayfs(chrootdir, ruid, rgid, chrootdir = setup_overlayfs(chrootdir, ruid, rgid,