authorGravatar Philipp Wollermann <philwo@google.com>2017-03-24 13:06:55 +0000
committerGravatar Philipp Wollermann <philwo@google.com>2017-03-27 11:34:40 +0000
commit6c5a182c7032a4e443ac882982d2f2a1b3ea4474 (patch)
tree900a24e9ccb539b3763a11fed12cb1272f7c0c0a /src/main/tools
parentc2d773ef4c0916a44fd7936f7bbc22ec55102915 (diff)
sandbox: Ignore ENOENT during remount.
Instead of trying to detect overlapping mount points, just ignore any ENOENT errors during remount. If this error happens, the mount point wouldn't be accessible anyway, so there's no harm if the remount fails. Fixes #1948. -- PiperOrigin-RevId: 151118726 MOS_MIGRATED_REVID=151118726
Diffstat (limited to 'src/main/tools')
-rw-r--r--src/main/tools/linux-sandbox-pid1.cc30
1 files changed, 7 insertions, 23 deletions
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 17a71432b9..367c92957e 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -211,15 +211,6 @@ static bool ShouldBeWritable(char *mnt_dir) {
return false;
}
-static bool IsUnderTmpDir(const char *mnt_dir) {
- for (const char *tmpfs_dir : opt.tmpfs_dirs) {
- if (strstr(mnt_dir, tmpfs_dir) == mnt_dir) {
- return true;
- }
- }
- return false;
-}
-
// Makes the whole filesystem read-only, except for the paths for which
// ShouldBeWritable returns true.
static void MakeFilesystemMostlyReadOnly() {
@@ -230,13 +221,6 @@ static void MakeFilesystemMostlyReadOnly() {
struct mntent *ent;
while ((ent = getmntent(mounts)) != NULL) {
- // Skip mounts that are under tmpfs directories because we've already
- // replaced such directories with new tmpfs instances.
- // mount() would fail with ENOENT if we tried to remount such mount points.
- if (IsUnderTmpDir(ent->mnt_dir)) {
- continue;
- }
-
int mountFlags = MS_BIND | MS_REMOUNT;
// MS_REMOUNT does not allow us to change certain flags. This means, we have
@@ -271,17 +255,17 @@ static void MakeFilesystemMostlyReadOnly() {
if (mount(NULL, ent->mnt_dir, NULL, mountFlags, NULL) < 0) {
// If we get EACCES or EPERM, this might be a mount-point for which we
// don't have read access. Not much we can do about this, but it also
- // won't do any harm, so let's go on. The same goes for EINVAL, which is
- // fired in case a later mount overlaps an earlier mount, e.g. consider
- // the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter
- // /proc being the one that an outer sandbox has mounted on top of its
- // parent /proc. In that case, we're not allowed to remount
+ // won't do any harm, so let's go on. The same goes for EINVAL or ENOENT,
+ // which are fired in case a later mount overlaps an earlier mount, e.g.
+ // consider the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with
+ // the latter /proc being the one that an outer sandbox has mounted on
+ // top of its parent /proc. In that case, we're not allowed to remount
// /proc/sys/fs/binfmt_misc, because it is hidden. If we get ESTALE, the
// mount is a broken NFS mount. In the ideal case, the user would either
// fix or remove that mount, but in cases where that's not possible, we
// should just ignore it.
- if (errno != EACCES && errno != EINVAL && errno != ESTALE &&
- errno != EPERM) {
+ if (errno != EACCES && errno != EPERM && errno != EINVAL &&
+ errno != ENOENT && errno != ESTALE) {
DIE("remount(NULL, %s, NULL, %d, NULL)", ent->mnt_dir, mountFlags);
}
}
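Review bot: The errno allow-list at the end of this hunk now skips ENOENT for every mount entry, but the comment above it explains ENOENT only through the overlapping-/proc example. The case the commit is actually about, mounts under directories replaced by fresh tmpfs instances, was described in the comment deleted in the earlier hunk and is no longer written down anywhere. An ignored failure presumably leaves that mount with its previous flags, so read-only is not applied, and the claim that the path is unreachable from inside the sandbox is the whole safety argument. It should be stated at the check, e.g. `// ENOENT: the mount point is hidden (e.g. below a directory we replaced with a new tmpfs), so it is unreachable and a failed remount is harmless.` A debug-level message naming `ent->mnt_dir` and `errno` whenever a failure is skipped would also make a mount that stayed writable diagnosable. The body of MakeFilesystemMostlyReadOnly starts and ends outside the hunk.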