From 9f558f7d39fec6dd5c95276366304e1b91e7f08a Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 17 Jul 2023 16:45:47 +0000
Subject: [PATCH] jail: Change mount propagation before switching root
Signed-off-by: Michael Tremer
---
 src/libpakfire/include/pakfire/mount.h | 2 ++
 src/libpakfire/jail.c | 10 ++++++++++
 src/libpakfire/mount.c | 10 ++++++++++
 3 files changed, 22 insertions(+)
diff --git a/src/libpakfire/include/pakfire/mount.h b/src/libpakfire/include/pakfire/mount.h
index 11638578f..893053911 100644
--- a/src/libpakfire/include/pakfire/mount.h
+++ b/src/libpakfire/include/pakfire/mount.h
@@ -25,6 +25,8 @@
 #include
+int pakfire_mount_change_propagation(struct pakfire* pakfire, int propagation, const char* path);
+
 int pakfire_mount_make_mounpoint(struct pakfire* pakfire, const char* path);
 int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int flags);
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 768c030c5..0e9a7eb7d 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -1632,11 +1632,21 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 const char* root = pakfire_get_path(jail->pakfire);
 const char* arch = pakfire_get_arch(jail->pakfire);
+ // Change mount propagation to slave to receive anything from the parent namespace
+ r = pakfire_mount_change_propagation(jail->pakfire, MS_SLAVE, "/");
+ if (r)
+ return r;
+
 // Make root a mountpoint in the new mount namespace
 r = pakfire_mount_make_mounpoint(jail->pakfire, root);
 if (r)
 return r;
+ // Change mount propagation to private
+ r = pakfire_mount_change_propagation(jail->pakfire, MS_PRIVATE, root);
+ if (r)
+ return r;
+
 // Change root (unless root is /)
 if (!pakfire_on_root(jail->pakfire)) {
 // Mount everything
diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c
index 1983cea3a..264781044 100644
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
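Review bot: In the jail.c hunk, when root is "/" (a case the following `if (!pakfire_on_root(jail->pakfire))` shows is possible), the recursive MS_PRIVATE call on `root` overrides the MS_SLAVE state set three statements earlier, so the stated intent "receive anything from the parent namespace" only holds for a root other than "/". The two new comments also name the flag but not the property the jail depends on: after the first call, mount and umount events inside the new namespace no longer propagate back to the parent. I would state that, e.g. `// Make / a recursive slave: mounts made in the jail must never propagate back to the parent namespace; parent mounts are still received`, and add one line on the MS_PRIVATE call saying whether the root == "/" behaviour is intended. pakfire_jail_child begins and continues outside this hunk, so whether the mount namespace has already been unshared before these calls cannot be checked from here.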
@@ -143,6 +143,16 @@ static const struct pakfire_symlink {
 { NULL },
 };
+int pakfire_mount_change_propagation(struct pakfire* pakfire, int propagation, const char* path) {
+ DEBUG(pakfire, "Changing mount propagation on %s\n", path);
+
+ int r = mount(NULL, path, NULL, propagation|MS_REC, NULL);
+ if (r)
+ ERROR(pakfire, "Failed to change mount propagation on %s: %m\n", path);
+
+ return r;
+}
+
 static int pakfire_mount_is_mountpoint(struct pakfire* pakfire, const char* path) {
 // XXX THIS STILL NEEDS TO BE IMPLEMENTED
 return 1;
-- 
2.39.5
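Review bot: pakfire_mount_change_propagation() ORs the caller's `propagation` straight into the mount(2) flags, so a caller passing anything other than a propagation type (MS_BIND, MS_REMOUNT, ...) would turn this into a different mount operation on `path` without the helper noticing. Since the function is now declared in mount.h, I would reject other bits up front: `if (!path || (propagation & ~(MS_SHARED|MS_PRIVATE|MS_SLAVE|MS_UNBINDABLE))) { errno = EINVAL; return -1; }` (this assumes errno.h is already included in mount.c, which the hunk does not show). MS_REC is always added, which callers cannot see from the prototype; a short doc comment saying the change applies recursively to every mount below `path` would cover that. Logging the requested propagation type in the DEBUG line would also make a failed jail setup easier to diagnose.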