From: Michael Tremer Date: Sun, 17 Jul 2022 12:13:54 +0000 (+0000) Subject: execute: Disable mount propagation before calling pivot_root() X-Git-Tag: 0.9.28~701 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc01afb61460054206d891db4d8ec6689b689228;p=pakfire.git execute: Disable mount propagation before calling pivot_root() Signed-off-by: Michael Tremer --- diff --git a/src/libpakfire/execute.c b/src/libpakfire/execute.c index 310ab7372..f4cde9465 100644 --- a/src/libpakfire/execute.c +++ b/src/libpakfire/execute.c @@ -561,6 +561,11 @@ static int pakfire_execute_fork(void* data) { // Change root (unless root is /) if (strcmp(root, "/") != 0) { + // Disable mount propagation on / + r = pakfire_disable_mount_propagation(pakfire, "/"); + if (r) + return r; + // Mount everything r = pakfire_mount_all(pakfire, MOUNT_IN_NEW_NS); if (r) diff --git a/src/libpakfire/include/pakfire/mount.h b/src/libpakfire/include/pakfire/mount.h index fba1ae735..6f1b9a056 100644 --- a/src/libpakfire/include/pakfire/mount.h +++ b/src/libpakfire/include/pakfire/mount.h @@ -30,6 +30,8 @@ enum pakfire_mount_flags { MOUNT_IN_NEW_NS = (1 << 0), }; +int pakfire_disable_mount_propagation(struct pakfire* pakfire, const char* path); + int pakfire_mount_list(struct pakfire* pakfire); int pakfire_mount(struct pakfire* pakfire, const char* source, const char* target, diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c index 03995c80e..67313d446 100644 --- a/src/libpakfire/mount.c +++ b/src/libpakfire/mount.c @@ -77,6 +77,16 @@ static const struct pakfire_mountpoint { { NULL }, }; +int pakfire_disable_mount_propagation(struct pakfire* pakfire, const char* path) { + DEBUG(pakfire, "Disabling mount propagation on %s\n", path); + + int r = mount(NULL, path, NULL, MS_REC|MS_PRIVATE, NULL); + if (r) + ERROR(pakfire, "Failed to set mount propagation on %s to private: %m", path); + + return r; +} + /* Easy way to iterate through all mountpoints */
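Review bot: The new `pakfire_disable_mount_propagation(pakfire, "/")` call in pakfire_execute_fork() recursively marks every mount under / as private, which is only harmless if the child already runs in its own mount namespace; that is not visible in this hunk (the function starts and ends outside it), although `MOUNT_IN_NEW_NS` on the following call suggests it. I would state the precondition at the call site, e.g. `// Requires our own mount namespace (CLONE_NEWNS); otherwise this changes propagation on the host's mounts`. The call also sits inside the `strcmp(root, "/") != 0` branch, so a run with root set to / keeps whatever propagation type it inherited. If that is intended, a short comment saying so would help, because with an inherited shared type any mounts made by the executed command could propagate back to the parent namespace.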
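Review bot: The two log calls in pakfire_disable_mount_propagation() are terminated differently: the `DEBUG` format ends in `\n` while the `ERROR` format does not, so one of them is probably wrong, depending on what the macros append (their definitions are not in this hunk). If the macros do not add a newline, the failure line should read `ERROR(pakfire, "Failed to set mount propagation on %s to private: %m\n", path);`. The function is also declared in mount.h without a doc comment. A short one should say that it applies `MS_REC|MS_PRIVATE` to `path` in the calling process's mount namespace and returns mount()'s result (-1 with errno set on failure), which would tell callers not to use it outside a dedicated namespace.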