author | android-build-team Robot <android-build-team-robot@google.com> | 2020-02-06 04:27:03 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-02-06 04:27:03 +0000 |
commit | cb22ddf389fb3fb0c85fcb614bed9040f1376135 (patch) | |
tree | 83dbdcfc902311186d21ee3800be919aba08c482 | |
parent | 9dc140f9e109bca0ff76cbbf3e92318a9c755ebd (diff) | |
parent | e8f6c07643a51695706628a696a85aeec455bdad (diff) | |
download | minijail-cb22ddf389fb3fb0c85fcb614bed9040f1376135.tar.gz |
Snap for 6185678 from e8f6c07643a51695706628a696a85aeec455bdad to rvc-release
Change-Id: I1ffe4695bc611b4671e5ddd4bf490319f33c6185
-rw-r--r-- | libminijail.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libminijail.c b/libminijail.c index 8531c76..d9e8e3c 100644 --- a/libminijail.c +++ b/libminijail.c @@ -832,10 +832,14 @@ int API minijail_mount_with_data(struct minijail *j, const char *src, m->flags = flags; /* - * Force vfs namespacing so the mounts don't leak out into the - * containing vfs namespace. + * Unless asked to enter an existing namespace, force vfs namespacing + * so the mounts don't leak out into the containing vfs namespace. + * If Minijail is being asked to enter the root vfs namespace this will + * leak mounts, but it's unlikely that the user would ask to do that by + * mistake. */ - minijail_namespace_vfs(j); + if (!j->flags.enter_vfs) + minijail_namespace_vfs(j); if (j->mounts_tail) j->mounts_tail->next = m; |
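Review bot: The new `if (!j->flags.enter_vfs)` guard in minijail_mount_with_data() reads the flag at the moment the mount is added, so the result depends on call order: a caller that adds mounts first and sets enter_vfs afterwards still has minijail_namespace_vfs(j) applied. Consider resolving this once at the point where the jail is entered, or stating the required ordering in the function's API documentation. The rewritten comment also accepts that mounts leak when the entered namespace is the root vfs namespace, on the grounds that this is unlikely to be requested by mistake; logging a warning when a mount is added with enter_vfs set would make that case visible instead of silent.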