login: tag the Mimo 720 ID_AUTOSEAT

[elogind.git] / src / namespace.c

diff --git a/src/namespace.c b/src/namespace.c
index 54b22f494e5fc4a58d9017fa95fa0191589943aa..09bc82909f0f4d246b758b3606a6bb199735b983 100644 (file)
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -253,11 +253,19 @@ int setup_namespace(
         }
 
         if (need_private) {
+                mode_t u;
+
                 memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
+
+                u = umask(0000);
                 if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
+                        umask(u);
+
                         r = -errno;
                         goto fail;
                 }
+
+                umask(u);
                 remove_private = true;
         }
 
@@ -266,8 +274,12 @@ int setup_namespace(
                 goto fail;
         }
 
-        /* We assume that by default mount events from us won't be
-         * propagated to the root namespace. */
+        /* Remount / as SLAVE so that nothing mounted in the namespace
+           shows up in the parent */
+        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                r = -errno;
+                goto fail;
+        }
 
         for (p = paths; p < paths + n; p++)
                 if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)