From: Michael Tremer Date: Tue, 2 Aug 2022 16:03:57 +0000 (+0000) Subject: mount: Make /dev/mqueue available in jail X-Git-Tag: 0.9.28~627 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc752adae0b68fe4f112153883c7dfba6975d90b;p=people%2Fms%2Fpakfire.git mount: Make /dev/mqueue available in jail Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c
index 5682b6c25..70a323a0d 100644
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
@@ -48,38 +48,42 @@ static const struct pakfire_mountpoint {
 MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, },
 
 // Make /proc/sys read-only (except /proc/sys/net)
- { "/proc/sys", "proc/sys", "bind", MS_BIND|MS_REC, NULL, },
- { "/proc/sys/net", "proc/sys/net", "bind", MS_BIND|MS_REC, NULL, },
+ { "/proc/sys", "proc/sys", "bind", MS_BIND|MS_REC, NULL, },
+ { "/proc/sys/net", "proc/sys/net", "bind", MS_BIND|MS_REC, NULL, },
 { "/proc/sys", "proc/sys", "bind",
 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
 
 // Deny write access to /proc/sysrq-trigger (can be used to restart the host)
- { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind", MS_BIND|MS_REC, NULL, },
+ { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind", MS_BIND|MS_REC, NULL, },
 { "/proc/sysrq-trigger", "proc/sysrq-trigger", "bind",
 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
 
 // Make /proc/irq read-only
- { "/proc/irq", "proc/irq", "bind", MS_BIND|MS_REC, NULL, },
+ { "/proc/irq", "proc/irq", "bind", MS_BIND|MS_REC, NULL, },
 { "/proc/irq", "proc/irq", "bind",
 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
 
 // Make /proc/bus read-only
- { "/proc/bus", "proc/bus", "bind", MS_BIND|MS_REC, NULL, },
+ { "/proc/bus", "proc/bus", "bind", MS_BIND|MS_REC, NULL, },
 { "/proc/bus", "proc/bus", "bind",
 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
 
 // Bind-Mount /sys ready-only
- { "/sys", "sys", "bind", MS_BIND|MS_REC, NULL, },
+ { "/sys", "sys", "bind", MS_BIND|MS_REC, NULL, },
 { "/sys", "sys", "bind",
 MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, NULL, },
 
 // Create a new /dev
- { "pakfire_dev", "dev", "tmpfs", MS_NOSUID|MS_NOEXEC,
+ { "pakfire_dev", "dev", "tmpfs", MS_NOSUID|MS_NOEXEC,
 "mode=0755,size=4m,nr_inodes=64k", },
- { "/dev/pts", "dev/pts", "bind", MS_BIND, NULL, },
+ { "/dev/pts", "dev/pts", "bind", MS_BIND, NULL, },
+
+ // Mount /dev/mqueue
+ { "mqueue", "dev/mqueue", "mqueue",
+ MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL },
 
 // Create a new /run
- { "pakfire_tmpfs", "run", "tmpfs", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "pakfire_tmpfs", "run", "tmpfs", MS_NOSUID|MS_NOEXEC|MS_NODEV,
 "mode=755,size=4m,nr_inodes=1k", },
 
 // The end
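Review bot: The new `mqueue` entry after the `/dev/pts` row mounts a filesystem whose contents follow the IPC namespace of the process doing the mount, and nothing in this hunk shows that the jail runs in its own IPC namespace. If the table is applied without one, the jail would presumably see the host's POSIX message queues under /dev/mqueue, so I would confirm where the mounts are performed and record the dependency in the comment, e.g. `// Mount /dev/mqueue (per IPC namespace; the jail must run in its own)`. The entry also ends in `NULL },` where every other row in the table uses `NULL, },`. The table starts before this hunk and continues past `// The end`, so the code that applies it is not visible here.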