diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-05 23:48:07 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-05 23:48:07 +0000 |
| commit | ab8688bfc6c913bccef6a5c5781b6f5c7b78e6a6 (patch) | |
| tree | 83dbdcfc902311186d21ee3800be919aba08c482 | |
| parent | 8ebeec28530d101abc1013915c9ad0d80764b0a3 (diff) | |
| parent | 4a9d2901ebb203adc607e0ccac537718e317da30 (diff) | |
| download | minijail-ab8688bfc6c913bccef6a5c5781b6f5c7b78e6a6.tar.gz | |
Skip new mount namespace on -k. am: 0a0514ca8e am: 4a9d2901eb
Change-Id: I27f993bd649844dc2640c33022fd22b009acbbad
| -rw-r--r-- | libminijail.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libminijail.c b/libminijail.c index 8531c76..d9e8e3c 100644 --- a/libminijail.c +++ b/libminijail.c @@ -832,10 +832,14 @@ int API minijail_mount_with_data(struct minijail *j, const char *src, m->flags = flags; /* - * Force vfs namespacing so the mounts don't leak out into the - * containing vfs namespace. + * Unless asked to enter an existing namespace, force vfs namespacing + * so the mounts don't leak out into the containing vfs namespace. + * If Minijail is being asked to enter the root vfs namespace this will + * leak mounts, but it's unlikely that the user would ask to do that by + * mistake. */ - minijail_namespace_vfs(j); + if (!j->flags.enter_vfs) + minijail_namespace_vfs(j); if (j->mounts_tail) j->mounts_tail->next = m; |