author | Philipp Wollermann <philwo@google.com> | 2017-02-02 13:40:50 +0000 |
---|---|---|
committer | Yun Peng <pcloudy@google.com> | 2017-02-02 17:00:28 +0000 |
commit | 5a181c08d6a25bf773bad67c06635593b79debab (patch) | |
tree | d58904c28903739c27f73bf0f571818a5e6d23e1 /src/main/tools | |
parent | b99907661b785b0423cb2474da73205595b91fdd (diff) |
Fix #2285: linux-sandbox-pid1.cc:398: remount: Operation not permitted
Seems like on Ubuntu 16.04 we have to ignore EPERM on failed remounts, too.
--
PiperOrigin-RevId: 146354561
MOS_MIGRATED_REVID=146354561
Diffstat (limited to 'src/main/tools')
-rw-r--r-- | src/main/tools/linux-sandbox-pid1.cc | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 68909842e9..a85d63ccb8 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -386,18 +386,19 @@ static void MakeFilesystemMostlyReadOnly() { PRINT_DEBUG("remount %s: %s", (mountFlags & MS_RDONLY) ? "ro" : "rw", ent->mnt_dir); if (mount(NULL, ent->mnt_dir, NULL, mountFlags, NULL) < 0) { - // If we get EACCES, this might be a mount-point for which we don't have - // read access. Not much we can do about this, but it also won't do any - // harm, so let's go on. The same goes for EINVAL, which is fired in case - // a later mount overlaps an earlier mount, e.g. consider the case of - // /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter /proc being - // the one that an outer sandbox has mounted on top of its parent /proc. - // In that case, we're not allowed to remount /proc/sys/fs/binfmt_misc, - // because it is hidden. If we get ESTALE, the mount is a broken NFS - // mount. In the ideal case, the user would either fix or remove that - // mount, but in cases where that's not possible, we should just ignore - // it. - if (errno != EACCES && errno != EINVAL && errno != ESTALE) { + // If we get EACCES or EPERM, this might be a mount-point for which we + // don't have read access. Not much we can do about this, but it also + // won't do any harm, so let's go on. The same goes for EINVAL, which is + // fired in case a later mount overlaps an earlier mount, e.g. consider + // the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter + // /proc being the one that an outer sandbox has mounted on top of its + // parent /proc. In that case, we're not allowed to remount + // /proc/sys/fs/binfmt_misc, because it is hidden. If we get ESTALE, the + // mount is a broken NFS mount. In the ideal case, the user would either + // fix or remove that mount, but in cases where that's not possible, we + // should just ignore it. + if (errno != EACCES && errno != EINVAL && errno != ESTALE && + errno != EPERM) { DIE("remount(NULL, %s, NULL, %d, NULL)", ent->mnt_dir, mountFlags); } } |
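Review bot: Adding `EPERM` to the ignored set in the `errno` check means a remount that was meant to make a mount read-only can fail and leave it writable, while the sandbox carries on without any trace. The comment justifies this as a mount point the process cannot read, but the code never verifies that; inside a user namespace EPERM may also come from a remount that would change mount flags the kernel has locked, so the "won't do any harm" assumption should be confirmed for the `MS_RDONLY` case. At minimum, log the ignored failure after the check, e.g. `PRINT_DEBUG("remount %s failed (errno %d), ignoring", ent->mnt_dir, errno);`, so a mount left writable shows up in debug output. `MakeFilesystemMostlyReadOnly` starts and ends outside this hunk, so whether writable paths are re-checked later is not visible here.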