Fix sandbox to recursively bind mount the writable directories.

If a directory that is being bind mounted has a subdirectory that is a mount point (e.g.: tmpfs on /tmp/tmp), then the MS_BIND mount() call will fail with invalid argument. Fixes #3064. RELNOTES: None. PiperOrigin-RevId: 157973469
author: Googler <noreply@google.com> 2017-06-04 19:47:11 -0400
committer: John Cater <jcater@google.com> 2017-06-05 10:19:17 -0400
commit: 7d8943e51ab07ae9491ebbee4c62892ee7647cc1 (patch)
tree: ce1606c9aae126f02b29ee79ec2712ac3dfed502 /src/main/tools
parent: ff1a3c05c9fca488056751c31bcd32c467850867 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 2f08862fd8..849904a75f 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -186,10 +186,10 @@ static void MountFilesystems() {
 
   for (const std::string &writable_file : opt.writable_files) {
     PRINT_DEBUG("writable: %s", writable_file.c_str());
-    if (mount(writable_file.c_str(), writable_file.c_str(), nullptr, MS_BIND,
-              nullptr) < 0) {
-      DIE("mount(%s, %s, nullptr, MS_BIND, nullptr)", writable_file.c_str(),
-          writable_file.c_str());
+    if (mount(writable_file.c_str(), writable_file.c_str(), nullptr,
+              MS_BIND | MS_REC, nullptr) < 0) {
+      DIE("mount(%s, %s, nullptr, MS_BIND | MS_REC, nullptr)",
+          writable_file.c_str(), writable_file.c_str());
     }
   }
 }
author	Googler <noreply@google.com>	2017-06-04 19:47:11 -0400
committer	John Cater <jcater@google.com>	2017-06-05 10:19:17 -0400
commit	7d8943e51ab07ae9491ebbee4c62892ee7647cc1 (patch)
tree	ce1606c9aae126f02b29ee79ec2712ac3dfed502 /src/main/tools
parent	ff1a3c05c9fca488056751c31bcd32c467850867 (diff)