X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fnamespace.c;h=09bc82909f0f4d246b758b3606a6bb199735b983;hb=27d1ae066c31e01a2eaea82759f1ad71e86e0bac;hp=09bcaff9684845ee121544f3ebd7151a503100e5;hpb=e99e38bbdcca3fe5956823bdb3d38544ccf93221;p=elogind.git
diff --git a/src/namespace.c b/src/namespace.c
index 09bcaff96..09bc82909 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -1,4 +1,4 @@
-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
 /***
 This file is part of systemd.
@@ -151,6 +151,9 @@ static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_d
 case PRIVATE:
 what = private_dir;
 break;
+
+ default:
+ assert_not_reached("Unknown mode");
 }
 if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) {
@@ -158,11 +161,11 @@ static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_d
 /* The bind mount will always inherit the original
 * flags. If we want to set any flag we need
- * to do so in a second indepdant step. */
+ * to do so in a second independent step. */
 if (flags)
 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_REC|flags, NULL);
- /* Avoid expontial growth of trees */
+ /* Avoid exponential growth of trees */
 if (r >= 0 && path_equal(p->path, "/"))
 r = mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|MS_UNBINDABLE|flags, NULL);
@@ -250,11 +253,19 @@ int setup_namespace(
 }
 if (need_private) {
+ mode_t u;
+
 memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
+
+ u = umask(0000);
 if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
+ umask(u);
+
 r = -errno;
 goto fail;
 }
+
+ umask(u);
 remove_private = true;
 }
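Review bot: The new `default:` branch in apply_mount() is only safe if `assert_not_reached()` always terminates the process. Its definition is not on this page; if it expands to a plain `assert()` that a release build can compile out, an unexpected mode would fall out of the switch and `what` would reach `mount(what, where, ...)` without having been assigned in any case shown here. Adding an explicit error return after the assertion, `assert_not_reached("Unknown mode"); return -EINVAL;`, keeps the mount from running on an unset source path either way. The function starts and ends outside the hunk, so whether `what` has an initializer cannot be checked from here.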
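Review bot: On the mkdir() failure path in setup_namespace(), `umask(u)` runs before `r = -errno`, and nothing guarantees that errno survives an intervening library call. Capturing the error first is more robust: `r = -errno; umask(u); goto fail;`. The umask is also process-wide, so between `umask(0000)` and the restore any other thread creating files would get unmasked permissions; a comment stating that this code runs single-threaded (which seems likely but is not visible in the hunk) would document the assumption. As a matter of style, `0777 | S_ISVTX` states the intent more clearly than the arithmetic `0777 + S_ISVTX`.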
@@ -263,8 +274,12 @@ int setup_namespace(
 goto fail;
 }
- /* We assume that by default mount events from us won't be
- * propagated to the root namespace. */
+ /* Remount / as SLAVE so that nothing mounted in the namespace
+ shows up in the parent */
+ if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+ r = -errno;
+ goto fail;
+ }
 for (p = paths; p < paths + n; p++)
 if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
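Review bot: The comment added above the `MS_SLAVE|MS_REC` remount documents only one direction of propagation. A slave mount still receives mount and unmount events from its master, so later changes in the parent namespace continue to appear inside the service's namespace. That matters to anyone relying on this function for isolation, so the comment should state it, for example `/* Remount / as SLAVE: mounts made here stay out of the parent, but mounts made in the parent still propagate in (MS_PRIVATE would cut both directions) */`. The continuation line also drops the leading ` * ` used by the other comments in this file. The surrounding function body, including the `fail` label, lies outside the hunk.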