authorLennart Poettering <lennart@poettering.net>2016-08-26 17:25:40 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-09-25 10:52:57 +0200
commitcd2902c9546eabfffcf5d6de4d0bd4dfe6a4d427 (patch)
treed187c1fc2ed9f734fb7d8c3344b94f755f9252fa
parent54500613a46023fe991f424e21ed15948b9a74f5 (diff)
namespace: drop all mounts outside of the new root directory
There's no point in mounting these, if they are outside of the root directory we'll move to.
-rw-r--r--src/core/namespace.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index a7451ffbdc..c9b2154985 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -199,6 +199,31 @@ static void drop_nop(BindMount *m, unsigned *n) {
*n = t - m;
}
+static void drop_outside_root(const char *root_directory, BindMount *m, unsigned *n) {
+ BindMount *f, *t;
+
+ assert(m);
+ assert(n);
+
+ if (!root_directory)
+ return;
+
+ /* Drops all mounts that are outside of the root directory. */
+
+ for (f = m, t = m; f < m+*n; f++) {
+
+ if (!path_startswith(f->path, root_directory)) {
+ log_debug("%s is outside of root directory.", f->path);
+ continue;
+ }
+
+ *t = *f;
+ t++;
+ }
+
+ *n = t - m;
+}
+
static int mount_dev(BindMount *m) {
static const char devnodes[] =
"/dev/null\0"
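Review bot: The filter `if (!path_startswith(f->path, root_directory))` in drop_outside_root() compares path strings, so it is only as reliable as the normalization of both arguments, and nothing in this hunk shows `f->path` or `root_directory` being canonicalized first. As far as I know path_startswith() does not resolve symlinks or `..` components, so an entry could pass the prefix test yet resolve outside the new root, or be dropped although it resolves inside it. The table presumably also holds entries meant to restrict the service (the call site runs drop_inaccessible() right after), so I would state the precondition in the function's comment, e.g. `/* Purely lexical check: expects normalized absolute paths, symlinks are not resolved here. */`. I would also make the debug line say what happens to the entry: `log_debug("%s is outside of root directory, dropping mount.", f->path);`. The call added to setup_namespace() in the next hunk inherits the same assumption.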
@@ -631,6 +656,7 @@ int setup_namespace(
qsort(mounts, n, sizeof(BindMount), mount_path_compare);
drop_duplicates(mounts, &n);
+ drop_outside_root(root_directory, mounts, &n);
drop_inaccessible(mounts, &n);
drop_nop(mounts, &n);
}