Message ID | 1464565158-18043-6-git-send-email-champetier.etienne@gmail.com |
---|---|
State | Accepted |
From | Etienne CHAMPETIER <champetier.etienne@gmail.com> |
To | lede-dev@lists.infradead.org |
Date | Sun, 29 May 2016 23:39:17 +0000 |
Subject | [LEDE-DEV] [PATCH procd 6/7] jail: ensure mounts are not MS_SHARED to avoid pivot_root() failure |
diff --git a/jail/jail.c b/jail/jail.c index b3f27d3..e425254 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -129,6 +129,12 @@ static int build_jail_fs(void) return -1; } + /* oldroot can't be MS_SHARED else pivot_root() fails */ + if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL)) { + ERROR("private mount failed %s\n", strerror(errno)); + return -1; + } + if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) { ERROR("tmpfs mount failed %s\n", strerror(errno)); return -1;
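Review bot: the added mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) call in build_jail_fs() changes propagation for every mount under "/", and the visible context does not show whether the process is already in its own mount namespace at this point. If it is not, the host's mount tree is what gets switched to private. Please extend the comment to state that this runs inside the jail's new mount namespace. The comment should also mention the effect beyond pivot_root(): with MS_PRIVATE, mount events no longer propagate between host and jail in either direction, which is the isolation a jail wants. MS_REC|MS_SLAVE would also clear the shared flag while still receiving host mounts, so a short note on why private was chosen would help the next reader.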
By default mounts are MS_PRIVATE (kernel default) but systemd decided to make it MS_SHARED by default since v188
https://github.com/systemd/systemd/commit/b3ac5f8cb98757416d8660023d6564a7c411f0a0

This patch fixes ujail on systemd distro (useful for development at least).

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

---
 jail/jail.c | 6 ++++++
 1 file changed, 6 insertions(+)