author | Zi Lin <lziest@google.com> | 2022-01-28 23:38:32 +0000 |
---|---|---|
committer | Zi Lin <lziest@google.com> | 2022-01-31 18:48:13 +0000 |
commit | c628910028be8458900bf9b7c9fad9d5b42d3b04 (patch) | |
tree | 1fac6176f65aebae1ad9c5ed73f3dd26b66a4d00 | |
parent | f65da3a91d350345a3b2a4e365314c5efdb13851 (diff) | |
download | minijail-c628910028be8458900bf9b7c9fad9d5b42d3b04.tar.gz |
cli: add a new long option '--ns-mount', equivalent to '-v'.
This also enables having 'ns-mount' in the conf file.
This change helps to create a self-contained conf file for
mounts and bind-mounts. Our first target use of conf file is
moving '-b' and '-k' options in the cli to a file with 'bind-mount=...'
and 'mount=...'.
Bug: 216345755
Test: Make tests, inspected "man -l minijail0.1"
Change-Id: Ib4a599d4fe8e6506d268356471ec151eed9f7490
-rw-r--r-- | minijail0.1 | 2 | ||||
-rw-r--r-- | minijail0_cli.c | 4 | ||||
-rw-r--r-- | minijail0_cli_unittest.cc | 2 | ||||
-rw-r--r-- | test/valid.conf | 3 |
4 files changed, 8 insertions, 3 deletions
diff --git a/minijail0.1 b/minijail0.1
index 9258e3f..a53ec6f 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -257,7 +257,7 @@ Change users to the specified \fIuser\fR name, or numeric user ID \fIuid\fR.
 \fB-U\fR
 Enter a new user namespace (implies \fB-p\fR).
 .TP
-\fB-v\fR
+\fB-v\fR, \fB--ns-mount\fR
 Run inside a new VFS namespace. This option prevents mounts performed by the
 program from affecting the rest of the system (but see \fB-K\fR).
 .TP
diff --git a/minijail0_cli.c b/minijail0_cli.c
index 3b9b708..e366846 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -500,6 +500,7 @@ static const struct option long_options[] = {
 {"env-reset", no_argument, 0, OPT_ENV_RESET},
 {"mount", required_argument, 0, 'k'},
 {"bind-mount", required_argument, 0, 'b'},
+ {"ns-mount", no_argument, 0, 'v'},
 {0, 0, 0, 0},
 };
@@ -543,7 +544,8 @@ static const char help_text[] =
 "Namespace options:\n"
 " -N Enter a new cgroup namespace.\n"
 " -l Enter new IPC namespace.\n"
-" -v Enter new mount namespace.\n"
+" -v, --ns-mount\n"
+" Enter new mount namespace.\n"
 " -V <file> Enter specified mount namespace.\n"
 " -e[file] Enter new network namespace, or existing |file| if provided.\n"
 " -p Enter new pid namespace (implies -vr).\n"
diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc
index f280a8a..7b20ecd 100644
--- a/minijail0_cli_unittest.cc
+++ b/minijail0_cli_unittest.cc
@@ -598,7 +598,7 @@ TEST_F(CliTest, conf_parsing_invalid_key) {
 }
 TEST_F(CliTest, conf_parsing) {
- std::vector<std::string> argv = {"-v", "--config",
+ std::vector<std::string> argv = {"--config",
 source_path("test/valid.conf"),
 "/bin/sh"};
diff --git a/test/valid.conf b/test/valid.conf
index 4f75bb9..a574e6c 100644
--- a/test/valid.conf
+++ b/test/valid.conf
@@ -1,5 +1,8 @@
 % minijail-config-file v0
 # Comments
+# enable mount namespace
+ns-mount
+# mounts and bind-mounts
 mount = none,/,none
 bind-mount = /,/
 mount-dev
|
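Review bot: With `{"ns-mount", no_argument, 0, 'v'}` the mount-namespace switch becomes a conf-file key, per the commit message, so a conf can now list `mount`/`bind-mount` and simply omit `ns-mount`. It is not visible in this hunk whether argument parsing rejects that combination; if it does not, a fail-closed check there would keep a mis-edited conf from applying its mounts outside a private namespace. At minimum I would add a comment above the new entry, `/* Also the conf-file key that gates mount/bind-mount isolation. */`. The long_options initializer starts outside the hunk.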
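Review bot: Dropping `"-v"` from argv in conf_parsing means `ns-mount` is exercised only through test/valid.conf, and the visible lines contain no assertion that the mount-namespace setting was actually applied. A conf key that was silently ignored would presumably still let this test pass; the assertions are outside the hunk, so this cannot be confirmed here. I would add a case that passes the long form directly, `std::vector<std::string> argv = {"--ns-mount", "/bin/sh"};`, and a negative conf case such as `ns-mount = 1` to pin how a value on a `no_argument` key is handled.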