author | aszlig <aszlig@nix.build> | 2020-09-11 20:06:43 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2020-09-11 20:09:17 +0200 |
commit | 214968cbe4ec9b2705c0d3e402dca043c0847cc8 (patch) | |
tree | e59f711136e7ef8d76905019e7785db09b95bc65 /pkgs/build-support/build-sandbox/src/setup.c | |
parent | 877fb29635370f3ebbdfd0211460bc66347269ea (diff) |
sandbox: Only mount new procfs instance for PID ns
If we don't have a PID namespace, we're not allowed to mount a new procfs instance and subsequently get an error (EPERM). To cope with this, we're now bind-mounting /proc just like the other pseudo file systems IFF we're not using the CLONE_NEWPID flag. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'pkgs/build-support/build-sandbox/src/setup.c')
-rw-r--r-- | pkgs/build-support/build-sandbox/src/setup.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/pkgs/build-support/build-sandbox/src/setup.c b/pkgs/build-support/build-sandbox/src/setup.c
index dc8bbf14..63b72773 100644
--- a/pkgs/build-support/build-sandbox/src/setup.c
+++ b/pkgs/build-support/build-sandbox/src/setup.c
@@ -769,13 +769,18 @@ static bool setup_chroot(void)
 if (!bind_mount("/dev", false, false, false))
 return false;
- if (!makedirs(FS_ROOT_DIR "/proc", false))
- return false;
+#if (EXTRA_NS_FLAGS) & CLONE_NEWPID
+ if (!makedirs(FS_ROOT_DIR "/proc", false))
+ return false;
- if (mount("none", FS_ROOT_DIR "/proc", "proc", 0, NULL) == -1) {
- perror("mount /proc");
- return false;
- }
+ if (mount("none", FS_ROOT_DIR "/proc", "proc", 0, NULL) == -1) {
+ perror("mount /proc");
+ return false;
+ }
+#else
+ if (!bind_mount("/proc", false, false, false))
+ return false;
+#endif
 if (!bind_mount("/sys", false, false, false))
 return false; |
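Review bot: The `#else` branch silently hands the sandboxed build the host's `/proc` rather than a private procfs, which exposes host process state (`/proc/<pid>/*`, `/proc/sys`, `/proc/sysrq-trigger`) to the build to the extent its credentials allow, and nothing in the hunk records that this is a deliberate reduction in isolation. The three `false` arguments to `bind_mount` are opaque here, so I cannot tell whether the bind is read-only; if `bind_mount` has a read-only mode it should be used for `/proc`, since the build has no reason to write there, and otherwise a `MS_REMOUNT | MS_BIND | MS_RDONLY` pass after the bind would close the gap. At minimum the fallback deserves a comment above the `bind_mount("/proc", ...)` line: `/* No CLONE_NEWPID: mounting a fresh procfs fails with EPERM, so bind the host's /proc; the build can then see host process state. */`. Note also that the branch is chosen at preprocessor time from `EXTRA_NS_FLAGS`, so a build configured without `CLONE_NEWPID` gets this weaker behaviour with no runtime diagnostic. `setup_chroot` starts and ends outside the hunk.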