jail: Change mount propagation before switching root

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/libpakfire/include/pakfire/mount.h b/src/libpakfire/include/pakfire/mount.h
index 11638578f2723f8a35530613e1cf67110e276f9a..893053911d14aae9d4e2f5b99a629a155c143663 100644 (file)
--- a/src/libpakfire/include/pakfire/mount.h
+++ b/src/libpakfire/include/pakfire/mount.h
@@ -25,6 +25,8 @@
 
 #include <pakfire/pakfire.h>
 
+int pakfire_mount_change_propagation(struct pakfire* pakfire, int propagation, const char* path);
+
 int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path);
 
 int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags);

diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 768c030c5c8f1c4a521a8f9511c0bebf45a70a46..0e9a7eb7d3922a0fa243ec41053289cbcda045b7 100644 (file)
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -1632,11 +1632,21 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
        const char* root = pakfire_get_path(jail->pakfire);
        const char* arch = pakfire_get_arch(jail->pakfire);
 
+       // Change mount propagation to slave to receive anything from the parent namespace
+       r = pakfire_mount_change_propagation(jail->pakfire, MS_SLAVE, "/");
+       if (r)
+               return r;
+
        // Make root a mountpoint in the new mount namespace
        r = pakfire_mount_make_mounpoint(jail->pakfire, root);
        if (r)
                return r;
 
+       // Change mount propagation to private
+       r = pakfire_mount_change_propagation(jail->pakfire, MS_PRIVATE, root);
+       if (r)
+               return r;
+
        // Change root (unless root is /)
        if (!pakfire_on_root(jail->pakfire)) {
                // Mount everything

diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c
index 1983cea3ab8192afea2b72b0ba74bb33675c3a6c..2647810442264df2fe07a03dd1fc38c69d8297dc 100644 (file)
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
@@ -143,6 +143,16 @@ static const struct pakfire_symlink {
        { NULL },
 };
 
+int pakfire_mount_change_propagation(struct pakfire* pakfire, int propagation, const char* path) {
+       DEBUG(pakfire, "Changing mount propagation on %s\n", path);
+
+       int r = mount(NULL, path, NULL, propagation|MS_REC, NULL);
+       if (r)
+               ERROR(pakfire, "Failed to change mount propagation on %s: %m\n", path);
+
+       return r;
+}
+
 static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
        // XXX THIS STILL NEEDS TO BE IMPLEMENTED
        return 1;