diff options
| author | Zi Lin <lziest@google.com> | 2022-01-31 22:41:36 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-01-31 22:41:36 +0000 |
| commit | 64b9dfb64367bb74b50a7308f9a863c9f2846fde (patch) | |
| tree | 1fac6176f65aebae1ad9c5ed73f3dd26b66a4d00 | |
| parent | 12835df0a507ff83be5a89d39d358f606c03a5aa (diff) | |
| parent | d7f65e0f0ad30a9b3a75bd1c7fd88b89355c9d13 (diff) | |
| download | minijail-64b9dfb64367bb74b50a7308f9a863c9f2846fde.tar.gz | |
cli: add a new long option '--ns-mount', equivalent to '-v'. am: c628910028 am: 5b0027d5ed am: d7f65e0f0a
Original change: https://android-review.googlesource.com/c/platform/external/minijail/+/1966819
Change-Id: I122e4553b5700315b59ba996aa0f9890458e9210
| -rw-r--r-- | minijail0.1 | 2 | ||||
| -rw-r--r-- | minijail0_cli.c | 4 | ||||
| -rw-r--r-- | minijail0_cli_unittest.cc | 2 | ||||
| -rw-r--r-- | test/valid.conf | 3 |
4 files changed, 8 insertions, 3 deletions
diff --git a/minijail0.1 b/minijail0.1 index 9258e3f..a53ec6f 100644 --- a/minijail0.1 +++ b/minijail0.1 @@ -257,7 +257,7 @@ Change users to the specified \fIuser\fR name, or numeric user ID \fIuid\fR. \fB-U\fR Enter a new user namespace (implies \fB-p\fR). .TP -\fB-v\fR +\fB-v\fR, \fB--ns-mount\fR Run inside a new VFS namespace. This option prevents mounts performed by the program from affecting the rest of the system (but see \fB-K\fR). .TP diff --git a/minijail0_cli.c b/minijail0_cli.c index 3b9b708..e366846 100644 --- a/minijail0_cli.c +++ b/minijail0_cli.c @@ -500,6 +500,7 @@ static const struct option long_options[] = { {"env-reset", no_argument, 0, OPT_ENV_RESET}, {"mount", required_argument, 0, 'k'}, {"bind-mount", required_argument, 0, 'b'}, + {"ns-mount", no_argument, 0, 'v'}, {0, 0, 0, 0}, }; @@ -543,7 +544,8 @@ static const char help_text[] = "Namespace options:\n" " -N Enter a new cgroup namespace.\n" " -l Enter new IPC namespace.\n" -" -v Enter new mount namespace.\n" +" -v, --ns-mount\n" +" Enter new mount namespace.\n" " -V <file> Enter specified mount namespace.\n" " -e[file] Enter new network namespace, or existing |file| if provided.\n" " -p Enter new pid namespace (implies -vr).\n" diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc index f280a8a..7b20ecd 100644 --- a/minijail0_cli_unittest.cc +++ b/minijail0_cli_unittest.cc @@ -598,7 +598,7 @@ TEST_F(CliTest, conf_parsing_invalid_key) { } TEST_F(CliTest, conf_parsing) { - std::vector<std::string> argv = {"-v", "--config", + std::vector<std::string> argv = {"--config", source_path("test/valid.conf"), "/bin/sh"}; diff --git a/test/valid.conf b/test/valid.conf index 4f75bb9..a574e6c 100644 --- a/test/valid.conf +++ b/test/valid.conf @@ -1,5 +1,8 @@ % minijail-config-file v0 # Comments +# enable mount namespace +ns-mount +# mounts and bind-mounts mount = none,/,none bind-mount = /,/ mount-dev |