From 299f585a0692b6e7a438a25a6577fc6f777659ea Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 23 Mar 2018 20:52:46 +0100
Subject: [PATCH] process-util: add a new FORK_MOUNTNS_SLAVE flag for safe_fork()

We already have a flag for creating a new mount namespace for the child. Let's add an extension to that: a new FORK_MOUNTNFS_SLAVE flag. When used in combination will mark all mounts in the child namespace as MS_SLAVE so that the child can freely mount or unmount stuff but it won't leak into the parent.
---
 src/basic/process-util.c | 11 +++++++++++
 src/basic/process-util.h | 1 +
 2 files changed, 12 insertions(+)

diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 43bad9009..a52f95e76 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+//#include
 #include
 #include
 #include
@@ -1356,6 +1357,16 @@ int safe_fork_full(
 }
 }
 
+ if ((flags & (FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE)) == (FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE)) {
+
+ /* Optionally, make sure we never propagate mounts to the host. */
+
+ if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
+ log_full_errno(prio, errno, "Failed to remount root directory as MS_SLAVE: %m");
+ _exit(EXIT_FAILURE);
+ }
+ }
+
 if (flags & FORK_CLOSE_ALL_FDS) {
 /* Close the logs here in case it got reopened above, as close_all_fds() would close them for us */
 log_close();
diff --git a/src/basic/process-util.h b/src/basic/process-util.h
index a5f749b4e..042f24933 100644
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@@ -181,6 +181,7 @@ typedef enum ForkFlags {
 FORK_LOG = 1U << 5,
 FORK_WAIT = 1U << 6,
 FORK_NEW_MOUNTNS = 1U << 7,
+ FORK_MOUNTNS_SLAVE = 1U << 8,
 } ForkFlags;
 
 int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
-- 
2.30.2
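Review bot: The added `//#include` line in the include block of process-util.c is a commented-out include, so it compiles to nothing and only leaves dead text in the file. The header name did not survive on this page, so it is unclear which header was meant. If it is the one that declares `mount()`, `MS_SLAVE` and `MS_REC`, which the new code in `safe_fork_full()` uses, it should be a real `#include`; otherwise the line should be dropped from the patch.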
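Review bot: `FORK_MOUNTNS_SLAVE` passed without `FORK_NEW_MOUNTNS` is silently ignored by the new `if` in `safe_fork_full()`, so a caller that asked for mount isolation gets none and sees no error. Because the flag exists to keep the child's mounts from leaking into the parent, that misuse is better caught loudly, e.g. `assert(!(flags & FORK_MOUNTNS_SLAVE) || (flags & FORK_NEW_MOUNTNS));` near the top of the function, whose start and end lie outside this hunk. The block comment could also state the direction and the dependency: `/* Mark all mounts MS_SLAVE so mounts made in the child do not propagate to the parent namespace; mounts from the parent still propagate in. Only effective together with FORK_NEW_MOUNTNS. */`. The same dependency deserves a short trailing comment on the `FORK_MOUNTNS_SLAVE = 1U << 8,` line in the process-util.h hunk.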