authorGravatar Philipp Wollermann <philwo@google.com>2017-02-02 13:40:50 +0000
committerGravatar Yun Peng <pcloudy@google.com>2017-02-02 17:00:28 +0000
commit5a181c08d6a25bf773bad67c06635593b79debab (patch)
treed58904c28903739c27f73bf0f571818a5e6d23e1 /src/main/tools
parentb99907661b785b0423cb2474da73205595b91fdd (diff)
Fix #2285: linux-sandbox-pid1.cc:398: remount: Operation not permitted
Seems like on Ubuntu 16.04 we have to ignore EPERM on failed remounts, too. -- PiperOrigin-RevId: 146354561 MOS_MIGRATED_REVID=146354561
Diffstat (limited to 'src/main/tools')
-rw-r--r--src/main/tools/linux-sandbox-pid1.cc25
1 files changed, 13 insertions, 12 deletions
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 68909842e9..a85d63ccb8 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -386,18 +386,19 @@ static void MakeFilesystemMostlyReadOnly() {
PRINT_DEBUG("remount %s: %s", (mountFlags & MS_RDONLY) ? "ro" : "rw",
ent->mnt_dir);
if (mount(NULL, ent->mnt_dir, NULL, mountFlags, NULL) < 0) {
- // If we get EACCES, this might be a mount-point for which we don't have
- // read access. Not much we can do about this, but it also won't do any
- // harm, so let's go on. The same goes for EINVAL, which is fired in case
- // a later mount overlaps an earlier mount, e.g. consider the case of
- // /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter /proc being
- // the one that an outer sandbox has mounted on top of its parent /proc.
- // In that case, we're not allowed to remount /proc/sys/fs/binfmt_misc,
- // because it is hidden. If we get ESTALE, the mount is a broken NFS
- // mount. In the ideal case, the user would either fix or remove that
- // mount, but in cases where that's not possible, we should just ignore
- // it.
- if (errno != EACCES && errno != EINVAL && errno != ESTALE) {
+ // If we get EACCES or EPERM, this might be a mount-point for which we
+ // don't have read access. Not much we can do about this, but it also
+ // won't do any harm, so let's go on. The same goes for EINVAL, which is
+ // fired in case a later mount overlaps an earlier mount, e.g. consider
+ // the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter
+ // /proc being the one that an outer sandbox has mounted on top of its
+ // parent /proc. In that case, we're not allowed to remount
+ // /proc/sys/fs/binfmt_misc, because it is hidden. If we get ESTALE, the
+ // mount is a broken NFS mount. In the ideal case, the user would either
+ // fix or remove that mount, but in cases where that's not possible, we
+ // should just ignore it.
+ if (errno != EACCES && errno != EINVAL && errno != ESTALE &&
+ errno != EPERM) {
DIE("remount(NULL, %s, NULL, %d, NULL)", ent->mnt_dir, mountFlags);
}
}
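Review bot: Adding `errno != EPERM` to the ignore list means a mount that was meant to be remounted read-only can silently keep its previous flags, so the comment's "it also won't do any harm" is no longer clearly true when `mountFlags & MS_RDONLY` is set. Inside a user namespace, EPERM on a remount is commonly returned because the requested flags would drop a locked flag such as nosuid, nodev or noexec, not because read access is missing; the computation of `mountFlags` is outside this hunk, so that cause is an inference here. At minimum the skipped mount should leave a trace, for example an `else { PRINT_DEBUG("remount %s failed with errno %d, leaving mount unchanged", ent->mnt_dir, errno); }` on the errno check. The comment should also say that the mount may stay writable in that case. MakeFilesystemMostlyReadOnly starts and ends outside the hunk.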