nspawn: bind mount /dev/nul to /proc/kmsg, so that the container can't muck with...
authorLennart Poettering <lennart@poettering.net>
Thu, 12 Apr 2012 10:58:08 +0000 (12:58 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 12 Apr 2012 10:58:19 +0000 (12:58 +0200)
src/nspawn.c

index 7b65e98..685b4d4 100644 (file)
@@ -184,7 +184,8 @@ static int mount_all(const char *dest) {
                         break;
                 }
 
-                if ((t = path_is_mount_point(where, false)) < 0) {
+                t = path_is_mount_point(where, false);
+                if (t < 0) {
                         log_error("Failed to detect whether %s is a mount point: %s", where, strerror(-t));
                         free(where);
 
@@ -229,6 +230,11 @@ static int mount_all(const char *dest) {
                 free(where);
         }
 
+        if (asprintf(&where, "%s/proc/kmsg", dest) >= 0) {
+                mount("/dev/null", where, "bind", MS_BIND, NULL);
+                free(where);
+        }
+
         return r;
 }
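Review bot: The return value of `mount()` in the added `/proc/kmsg` block is discarded, and an `asprintf()` failure skips the block without any message, so if the bind mount does not take effect the container still sees the real `/proc/kmsg` and nothing in the log says so. Since this is a hardening step, the failure should at least be reported, for example `if (mount("/dev/null", where, "bind", MS_BIND, NULL) < 0) log_error("Failed to bind mount /dev/null to %s: %s", where, strerror(errno));`. Whether a failure here should also be reflected in `r` is a policy choice worth stating in a comment. A one-line comment above the block, such as `/* Mask /proc/kmsg so the container cannot interfere with the host kernel log */`, would also record why the mount exists. The start of `mount_all()` is outside the hunk, so how `r` is handled for the other mounts is not visible here.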