author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-01-26 23:17:20 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-01-26 23:17:20 +0000 |
commit | db827c79f5aeb919345fe107a54e9eee3eec5e82 (patch) | |
tree | f122a430d9228b19426eca34686c5f70bd056bc9 | |
parent | 8e6dadfddfeb902286a227547d80f69dc9ed0d3f (diff) | |
parent | 2b12ba490431f312099163c476d30fb39e9428d7 (diff) | |
Print an error when attempting to use bind mounts without chroot.
am: 2b12ba4904
* commit '2b12ba490431f312099163c476d30fb39e9428d7':
Print an error when attempting to use bind mounts without chroot.
-rw-r--r-- | libminijail.c | 13 | ||||
-rw-r--r-- | minijail0.c | 31 |
2 files changed, 29 insertions, 15 deletions
diff --git a/libminijail.c b/libminijail.c index 2cc6557..0806d17 100644 --- a/libminijail.c +++ b/libminijail.c @@ -993,14 +993,14 @@ static int mount_one(const struct minijail *j, struct mountpoint *m) char *dest; int remount_ro = 0; - /* dest has a leading "/" */ + /* |dest| has a leading "/". */ if (asprintf(&dest, "%s%s", j->chrootdir, m->dest) < 0) return -ENOMEM; /* - * R/O bind mounts have to be remounted since bind and ro can't both be - * specified in the original bind mount. Remount R/O after the initial - * mount. + * R/O bind mounts have to be remounted since 'bind' and 'ro' + * can't both be specified in the original bind mount. + * Remount R/O after the initial mount. */ if ((m->flags & MS_BIND) && (m->flags & MS_RDONLY)) { remount_ro = 1; @@ -1344,6 +1344,9 @@ void API minijail_enter(const struct minijail *j) pdie("unshare(net)"); } + if (j->mounts_head && !(j->flags.chroot || j->flags.pivot_root)) + die("can't bind-mount without chroot or pivot_root"); + if (j->flags.chroot && enter_chroot(j)) pdie("chroot"); @@ -1636,7 +1639,7 @@ int minijail_run_internal(struct minijail *j, const char *filename, if (!use_preload) { if (j->flags.caps) - die("Capabilities are not supported without " + die("capabilities are not supported without " "LD_PRELOAD"); } diff --git a/minijail0.c b/minijail0.c index fb0b3b3..58c6063 100644 --- a/minijail0.c +++ b/minijail0.c @@ -67,7 +67,7 @@ static void add_binding(struct minijail *j, char *arg) exit(1); } if (minijail_bind(j, src, dest, flags ? atoi(flags) : 0)) { - fprintf(stderr, "Bind failure.\n"); + fprintf(stderr, "minijail_bind failed.\n"); exit(1); } } @@ -161,6 +161,7 @@ static int parse_args(struct minijail *j, int argc, char *argv[], { int opt; int use_seccomp_filter = 0; + int binding = 0; int pivot_root = 0, chroot = 0; const size_t path_max = 4096; const char *filter_path; 
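Review bot: The new guard in minijail_enter() carries no comment saying why bind mounts need a chroot, and the reason is only visible in mount_one() earlier in this file, which builds every destination as `j->chrootdir` followed by `m->dest`. Without chroot or pivot_root that prefix is presumably unset, so a comment above the check such as `/* mount_one() prefixes each destination with j->chrootdir, so mounts require chroot or pivot_root. */` would keep the invariant from being relaxed by accident. The condition reads only configuration, so it could also move to the top of minijail_enter(), ahead of at least the `unshare(net)` step shown just before it, to fail before any namespace state has changed. minijail_enter() starts and ends outside the hunk.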
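Review bot: `atoi(flags)` in the context lines of the add_binding() hunk does no validation, so a malformed third field of the `-b` argument is silently read as 0 or as its leading digits and handed to minijail_bind() as if it were intended. That value presumably selects how the bind mount is set up, so a typo should be an error rather than a different mount mode. Parsing it with `long v = strtol(flags, &end, 10);` and rejecting the argument when `end == flags || *end != '\0'` would close that gap. add_binding() starts outside the hunk.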
@@ -185,8 +186,7 @@ static int parse_args(struct minijail *j, int argc, char *argv[], case 'S': minijail_use_seccomp_filter(j); if (strlen(optarg) >= path_max) { - fprintf(stderr, - "Filter path is too long.\n"); + fprintf(stderr, "Filter path is too long.\n"); exit(1); } filter_path = strndup(optarg, path_max); @@ -205,6 +205,7 @@ static int parse_args(struct minijail *j, int argc, char *argv[], break; case 'b': add_binding(j, optarg); + binding = 1; break; case 'c': use_caps(j, optarg); @@ -212,7 +213,7 @@ static int parse_args(struct minijail *j, int argc, char *argv[], case 'C': if (pivot_root) { fprintf(stderr, "Could not set chroot because " - "'-P' was specified.\n"); + "'-P' was specified.\n"); exit(1); } if (0 != minijail_enter_chroot(j, optarg)) { @@ -226,8 +227,9 @@ static int parse_args(struct minijail *j, int argc, char *argv[], break; case 'P': if (chroot) { - fprintf(stderr, "Could not set pivot_root because " - "'-C' was specified.\n"); + fprintf(stderr, + "Could not set pivot_root because " + "'-C' was specified.\n"); exit(1); } if (0 != minijail_enter_pivot_root(j, optarg)) { @@ -239,7 +241,8 @@ static int parse_args(struct minijail *j, int argc, char *argv[], break; case 'f': if (0 != minijail_write_pid_file(j, optarg)) { - fprintf(stderr, "Could not prepare pid file path.\n"); + fprintf(stderr, + "Could not prepare pid file path.\n"); exit(1); } break; @@ -285,7 +288,7 @@ static int parse_args(struct minijail *j, int argc, char *argv[], minijail_namespace_user(j); minijail_namespace_pids(j); if (0 != minijail_uidmap(j, optarg)) { - fprintf(stderr, "Could not set uidmap\n"); + fprintf(stderr, "Could not set uidmap.\n"); exit(1); } break; 
@@ -293,13 +296,14 @@ static int parse_args(struct minijail *j, int argc, char *argv[], minijail_namespace_user(j); minijail_namespace_pids(j); if (0 != minijail_gidmap(j, optarg)) { - fprintf(stderr, "Could not set gidmap\n"); + fprintf(stderr, "Could not set gidmap.\n"); exit(1); } break; case 'a': if (0 != minijail_use_alt_syscall(j, optarg)) { - fprintf(stderr, "Could not set alt-syscall table\n"); + fprintf(stderr, + "Could not set alt-syscall table.\n"); exit(1); } break; @@ -311,6 +315,13 @@ static int parse_args(struct minijail *j, int argc, char *argv[], break; } + /* Only allow bind mounts when entering a chroot or using pivot_root. */ + if (binding && !(chroot || pivot_root)) { + fprintf(stderr, "Can't add bind mounts without chroot or" + " pivot_root.\n"); + exit(1); + } + /* * We parse seccomp filters here to make sure we've collected all * cmdline options. |
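Review bot: The comment on the new `binding && !(chroot || pivot_root)` check in parse_args() does not say that the same rule is enforced again in minijail_enter() in libminijail.c, so the two checks and their differently worded messages can drift apart. I would extend it to `/* Only allow bind mounts when entering a chroot or using pivot_root; minijail_enter() enforces the same rule for API users. */` so a reader knows this copy exists only to give a friendlier command-line error. The message is also split mid-sentence across two literals (`"...chroot or" " pivot_root.\n"`), which makes it harder to grep for; breaking after `stderr,` as the other reformatted messages in this commit do would keep more of the text in one literal. parse_args() starts and ends outside the hunk.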