From 6c5a182c7032a4e443ac882982d2f2a1b3ea4474 Mon Sep 17 00:00:00 2001 From: Philipp Wollermann Date: Fri, 24 Mar 2017 13:06:55 +0000 Subject: sandbox: Ignore ENOENT during remount. Instead of trying to detect overlapping mount points, just ignore any ENOENT errors during remount. If this error happens, the mount point wouldn't be accessible anyway, so there's no harm if the remount fails. Fixes #1948. -- PiperOrigin-RevId: 151118726 MOS_MIGRATED_REVID=151118726 --- src/main/tools/linux-sandbox-pid1.cc | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc index 17a71432b9..367c92957e 100644 --- a/src/main/tools/linux-sandbox-pid1.cc +++ b/src/main/tools/linux-sandbox-pid1.cc @@ -211,15 +211,6 @@ static bool ShouldBeWritable(char *mnt_dir) { return false; } -static bool IsUnderTmpDir(const char *mnt_dir) { - for (const char *tmpfs_dir : opt.tmpfs_dirs) { - if (strstr(mnt_dir, tmpfs_dir) == mnt_dir) { - return true; - } - } - return false; -} - // Makes the whole filesystem read-only, except for the paths for which // ShouldBeWritable returns true. static void MakeFilesystemMostlyReadOnly() { @@ -230,13 +221,6 @@ static void MakeFilesystemMostlyReadOnly() { struct mntent *ent; while ((ent = getmntent(mounts)) != NULL) { - // Skip mounts that are under tmpfs directories because we've already - // replaced such directories with new tmpfs instances. - // mount() would fail with ENOENT if we tried to remount such mount points. - if (IsUnderTmpDir(ent->mnt_dir)) { - continue; - } - int mountFlags = MS_BIND | MS_REMOUNT; // MS_REMOUNT does not allow us to change certain flags. This means, we have 
@@ -271,17 +255,17 @@ static void MakeFilesystemMostlyReadOnly() {
 if (mount(NULL, ent->mnt_dir, NULL, mountFlags, NULL) < 0) {
 // If we get EACCES or EPERM, this might be a mount-point for which we
 // don't have read access. Not much we can do about this, but it also
- // won't do any harm, so let's go on. The same goes for EINVAL, which is
- // fired in case a later mount overlaps an earlier mount, e.g. consider
- // the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with the latter
- // /proc being the one that an outer sandbox has mounted on top of its
- // parent /proc. In that case, we're not allowed to remount
+ // won't do any harm, so let's go on. The same goes for EINVAL or ENOENT,
+ // which are fired in case a later mount overlaps an earlier mount, e.g.
+ // consider the case of /proc, /proc/sys/fs/binfmt_misc and /proc, with
+ // the latter /proc being the one that an outer sandbox has mounted on
+ // top of its parent /proc. In that case, we're not allowed to remount
 // /proc/sys/fs/binfmt_misc, because it is hidden. If we get ESTALE, the
 // mount is a broken NFS mount. In the ideal case, the user would either
 // fix or remove that mount, but in cases where that's not possible, we
 // should just ignore it.
- if (errno != EACCES && errno != EINVAL && errno != ESTALE &&
- errno != EPERM) {
+ if (errno != EACCES && errno != EPERM && errno != EINVAL &&
+ errno != ENOENT && errno != ESTALE) {
 DIE("remount(NULL, %s, NULL, %d, NULL)", ent->mnt_dir, mountFlags);
 }
 }
-- cgit v1.2.3
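Review bot: The rewritten comment files ENOENT under the overlapping-/proc example, but the case this commit actually stops special-casing is the one the removed `IsUnderTmpDir` comment described: mount points under a directory that was already replaced by a fresh tmpfs. Every errno tolerated here leaves the mount with whatever flags it had, possibly writable, so the comment should state the invariant the sandbox relies on, e.g. `// ENOENT: the mount point no longer resolves (e.g. it sits under a tmpfs we mounted over it), so nothing inside the sandbox can reach it.` It would also help auditing to emit a debug-level message naming `ent->mnt_dir` and `errno` whenever a failed remount is skipped, so that a mount which stayed writable shows up in the sandbox's debug output instead of disappearing silently. The enclosing loop in `MakeFilesystemMostlyReadOnly` starts and ends outside this hunk.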