-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
/* The bind mount will always inherit the original
* flags. If we want to set any flag we need
- * to do so in a second indepdant step. */
+ * to do so in a second independent step. */
if (flags)
r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_REC|flags, NULL);
- /* Avoid expontial growth of trees */
+ /* Avoid exponential growth of trees */
if (r >= 0 && path_equal(p->path, "/"))
r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_UNBINDABLE|flags, NULL);
}
if (need_private) {
+ mode_t u;
+
memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
+
+ u = umask(0000);
if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
+ umask(u);
+
r = -errno;
goto fail;
}
+
+ umask(u);
remove_private = true;
}
goto fail;
}
- /* We assume that by default mount events from us won't be
- * propagated to the root namespace. */
+ /* Remount / as SLAVE so that nothing mounted in the namespace
+ shows up in the parent */
+ if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+ r = -errno;
+ goto fail;
+ }
for (p = paths; p < paths + n; p++)
if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
~ianmdlvl / elogind.git / blobdiff