| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2020-08-26 18:52:10 +0900 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-08-26 12:25:46 +0200 |
| commit | 318430cbb3b2ceefe51518ecccabbdabb32ffe3b (patch) | |
| tree | 25d3ddae66063497ea8a875a21c52d89dbc51b2c /executor | |
| parent | 344da168cb738076d82a75e1a7a1f5177df8dbc7 (diff) | |
executor/linux: change mount propagation type to private
unshare(CLONE_NEWNS) might not be sufficient for making all test processes run in
a separate mount namespace, for the "mount --make-rshared /" request issued by systemd
causes mount operations issued by test processes to be visible from outside of test
processes. Issue a "mount --make-rprivate /" request after unshare(CLONE_NEWNS).
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_linux.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index deb0487f0..43da7be11 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -3318,6 +3318,9 @@ static void sandbox_common() if (unshare(CLONE_NEWNS)) { debug("unshare(CLONE_NEWNS): %d\n", errno); } + if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { + debug("mount(\"/\", MS_REC | MS_PRIVATE): %d\n", errno); + } if (unshare(CLONE_NEWIPC)) { debug("unshare(CLONE_NEWIPC): %d\n", errno); } |
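Review bot: the new mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) call in sandbox_common() runs even when the preceding unshare(CLONE_NEWNS) has failed, because that failure is only logged with debug(). In that case the remount changes propagation on the mount namespace the process started in rather than on a private copy, so consider making it the else branch of the unshare(CLONE_NEWNS) check. A failure of the mount call itself is also only logged, which leaves the sandbox running with shared propagation, the state the commit message describes as the problem; it is worth stating whether continuing is intended. A short comment above the call that names systemd's "mount --make-rshared /" would keep the reason next to the code.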
