Snap for 6185678 from e8f6c07643a51695706628a696a85aeec455bdad to rvc-release

Change-Id: I1ffe4695bc611b4671e5ddd4bf490319f33c6185
author: android-build-team Robot <android-build-team-robot@google.com> 2020-02-06 04:27:03 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2020-02-06 04:27:03 +0000
commit: cb22ddf389fb3fb0c85fcb614bed9040f1376135 (patch)
tree: 83dbdcfc902311186d21ee3800be919aba08c482
parent: 9dc140f9e109bca0ff76cbbf3e92318a9c755ebd (diff)
parent: e8f6c07643a51695706628a696a85aeec455bdad (diff)
download: minijail-cb22ddf389fb3fb0c85fcb614bed9040f1376135.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/libminijail.c b/libminijail.c
index 8531c76..d9e8e3c 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -832,10 +832,14 @@ int API minijail_mount_with_data(struct minijail *j, const char *src,
 	m->flags = flags;
 
 	/*
-	 * Force vfs namespacing so the mounts don't leak out into the
-	 * containing vfs namespace.
+	 * Unless asked to enter an existing namespace, force vfs namespacing
+	 * so the mounts don't leak out into the containing vfs namespace.
+	 * If Minijail is being asked to enter the root vfs namespace this will
+	 * leak mounts, but it's unlikely that the user would ask to do that by
+	 * mistake.
 	 */
-	minijail_namespace_vfs(j);
+	if (!j->flags.enter_vfs)
+		minijail_namespace_vfs(j);
 
 	if (j->mounts_tail)
 		j->mounts_tail->next = m;
author	android-build-team Robot <android-build-team-robot@google.com>	2020-02-06 04:27:03 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2020-02-06 04:27:03 +0000
commit	cb22ddf389fb3fb0c85fcb614bed9040f1376135 (patch)
tree	83dbdcfc902311186d21ee3800be919aba08c482
parent	9dc140f9e109bca0ff76cbbf3e92318a9c755ebd (diff)
parent	e8f6c07643a51695706628a696a85aeec455bdad (diff)
download	minijail-cb22ddf389fb3fb0c85fcb614bed9040f1376135.tar.gz