mount: Make /dev/mqueue available in jail

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)
diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c

index 5682b6c251f66e3ad35e6ed8eb1425b50c839113..70a323a0d17f7cc02d3adff1636e159d58a1ee49 100644 (file)
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
@@ -48,38 +48,42 @@ static const struct pakfire_mountpoint {
                 MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, },
  
         // Make /proc/sys read-only (except /proc/sys/net)
-       { "/proc/sys",           "proc/sys",           "bind",  MS_BIND|MS_REC, NULL, },
-       { "/proc/sys/net",       "proc/sys/net",       "bind",  MS_BIND|MS_REC, NULL, },
+       { "/proc/sys",           "proc/sys",           "bind",   MS_BIND|MS_REC, NULL, },
+       { "/proc/sys/net",       "proc/sys/net",       "bind",   MS_BIND|MS_REC, NULL, },
         { "/proc/sys",           "proc/sys",           "bind",
                 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
  
         // Deny write access to /proc/sysrq-trigger (can be used to restart the host)
-       { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",  MS_BIND|MS_REC, NULL, },
+       { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",   MS_BIND|MS_REC, NULL, },
         { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",
                 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
  
         // Make /proc/irq read-only
-       { "/proc/irq",           "proc/irq",           "bind",  MS_BIND|MS_REC, NULL, },
+       { "/proc/irq",           "proc/irq",           "bind",   MS_BIND|MS_REC, NULL, },
         { "/proc/irq",           "proc/irq",           "bind",
                 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
  
         // Make /proc/bus read-only
-       { "/proc/bus",           "proc/bus",           "bind",  MS_BIND|MS_REC, NULL, },
+       { "/proc/bus",           "proc/bus",           "bind",   MS_BIND|MS_REC, NULL, },
         { "/proc/bus",           "proc/bus",           "bind",
                 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
  
         // Bind-Mount /sys ready-only
-       { "/sys",                "sys",                "bind",  MS_BIND|MS_REC, NULL, },
+       { "/sys",                "sys",                "bind",   MS_BIND|MS_REC, NULL, },
         { "/sys",                "sys",                "bind",
                 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
  
         // Create a new /dev
-       { "pakfire_dev",         "dev",                "tmpfs", MS_NOSUID|MS_NOEXEC,
+       { "pakfire_dev",         "dev",                "tmpfs",  MS_NOSUID|MS_NOEXEC,
                 "mode=0755,size=4m,nr_inodes=64k", },
-       { "/dev/pts",            "dev/pts",            "bind",  MS_BIND, NULL, },
+       { "/dev/pts",            "dev/pts",            "bind",   MS_BIND, NULL, },
+
+       // Mount /dev/mqueue
+       { "mqueue",               "dev/mqueue",        "mqueue",
+               MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL },
  
         // Create a new /run
-       { "pakfire_tmpfs",       "run",                "tmpfs", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+       { "pakfire_tmpfs",       "run",                "tmpfs",  MS_NOSUID|MS_NOEXEC|MS_NODEV,
                 "mode=755,size=4m,nr_inodes=1k", },
  
         // The end
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)