diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-05-11 17:56:09 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-05-14 22:41:30 +0200 |
commit | c1d70f7ca5eeeb3850161444028ba227f79df83e (patch) | |
tree | 43f94a6ecb808485e702b961c409b2c9758b035e /src/core | |
parent | 1c334d993a8bb32241284479012a27a7509aaa3c (diff) |
namespace: make PrivateTmp= apply to both /tmp and /var/tmp
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/namespace.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c index ba1edbe512..4bef15fdf5 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -131,7 +131,8 @@ static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_d assert(inaccessible_dir); assert(private_dir); - if (!(where = strappend(root_dir, p->path))) + where = strappend(root_dir, p->path); + if (!where) return -ENOMEM; switch (p->mode) { @@ -157,7 +158,8 @@ static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_d assert_not_reached("Unknown mode"); } - if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) { + r = mount(what, where, NULL, MS_BIND|MS_REC, NULL); + if (r >= 0) { log_debug("Successfully mounted %s to %s", what, where); /* The bind mount will always inherit the original @@ -205,9 +207,10 @@ int setup_namespace( strv_length(writable) + strv_length(readable) + strv_length(inaccessible) + - (private_tmp ? 2 : 1); + (private_tmp ? 3 : 1); - if (!(paths = new(Path, n))) + paths = new(Path, n); + if (!paths) return -ENOMEM; p = paths; @@ -220,6 +223,10 @@ int setup_namespace( p->path = "/tmp"; p->mode = PRIVATE; p++; + + p->path = "/var/tmp"; + p->mode = PRIVATE; + p++; } p->path = "/"; @@ -282,9 +289,11 @@ int setup_namespace( goto fail; } - for (p = paths; p < paths + n; p++) - if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0) + for (p = paths; p < paths + n; p++) { + r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags); + if (r < 0) goto undo_mounts; + } memcpy(old_root_dir, tmp_dir, sizeof(tmp_dir)-1); if (!mkdtemp(old_root_dir)) { @@ -341,7 +350,7 @@ fail: if (remove_tmp) rmdir(tmp_dir); - free(paths); + free(paths); return r; } |