diff options
| author | aszlig <aszlig@nix.build> | 2018-07-02 04:20:26 +0200 |
|---|---|---|
| committer | aszlig <aszlig@nix.build> | 2018-07-02 04:35:19 +0200 |
| commit | e05f98c7af4f4ad36e6566c8a6f3343138cff255 (patch) | |
| tree | b2ee937983acc624e46635dce1b7280c754a55d5 /pkgs/build-support | |
| parent | cd8bde1c98543236ec0ceb4375c03eb55aa8e56d (diff) | |
pkgs/sandbox: Fix mount flags
When using MS_BIND the mount flags aren't actually applied, so we need to remount the bind mount with the flags we wanted if additional flags are desired for the mount. I've also removed the MS_NOATIME, because this doesn't work for kernel 4.14 (returns -EPERM) and it's really not necessary to change the atime flags for our bind mounts. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'pkgs/build-support')
| -rw-r--r-- | pkgs/build-support/build-sandbox/src/setup.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/pkgs/build-support/build-sandbox/src/setup.c b/pkgs/build-support/build-sandbox/src/setup.c index ffab2c26..18b288d9 100644 --- a/pkgs/build-support/build-sandbox/src/setup.c +++ b/pkgs/build-support/build-sandbox/src/setup.c @@ -247,23 +247,26 @@ recurse: bool bind_mount(const char *path, bool rdonly, bool restricted, bool resolve) { - int mflags = MS_BIND | MS_REC; + int base_mflags = MS_BIND | MS_REC, mflags = 0; + const char *msrc; char src[PATH_MAX], *target; if (rdonly) mflags |= MS_RDONLY; if (restricted) - mflags |= MS_NOSUID | MS_NODEV | MS_NOATIME; + mflags |= MS_NOSUID | MS_NODEV; if (resolve ? realpath(path, src) == NULL : access(path, F_OK) == -1) // Skip missing mount source return true; - if (is_regular_file(resolve ? src : path)) - return bind_file(resolve ? src : path); + msrc = resolve ? src : path; - if ((target = get_mount_target(resolve ? src : path)) == NULL) + if (is_regular_file(msrc)) + return bind_file(msrc); + + if ((target = get_mount_target(msrc)) == NULL) return false; if (resolve) { @@ -278,18 +281,26 @@ bool bind_mount(const char *path, bool rdonly, bool restricted, bool resolve) return false; } - if (!cache_path(cached_paths, resolve ? src : path)) { + if (!cache_path(cached_paths, msrc)) { free(target); return true; } - if (mount(resolve ? src : path, target, "", mflags, NULL) == -1) { - fprintf(stderr, "mount %s to %s: %s\n", - resolve ? src : path, target, strerror(errno)); + if (mount(msrc, target, "", base_mflags, NULL) == -1) { + fprintf(stderr, "mount %s to %s: %s\n", msrc, target, strerror(errno)); free(target); return false; } + if (mflags != 0) { + mflags |= base_mflags | MS_REMOUNT; + if (mount("none", target, "", mflags, NULL) == -1) { + fprintf(stderr, "remount %s: %s\n", target, strerror(errno)); + free(target); + return false; + } + } + free(target); return true; } |