jail: mount more stuff read-only
diff --git
a/jail/jail.c
b/jail/jail.c
index 08e95e9903fce2190a03a99ed5198ecf187908d5..9f806b579be346c81bcea4bec00dceb3425c0f41 100644
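--- a/jail/jail.c
+++ b/jail/jail.c
@@ -2602,17 +2602,17 @@ static void post_main(struct uloop_timeout *t)
 if (has_namespaces()) {
 if (opts.namespace & CLONE_NEWNS) {
 if (!opts.extroot && (opts.user || opts.group)) {
-add_mount_bind("/etc/passwd", 0, -1);
-add_mount_bind("/etc/group", 0, -1);
+add_mount_bind("/etc/passwd", 1, -1);
+add_mount_bind("/etc/group", 1, -1);
 }
 #if defined(__GLIBC__)
 if (!opts.extroot)
-add_mount_bind("/etc/nsswitch.conf", 0, -1);
+add_mount_bind("/etc/nsswitch.conf", 1, -1);
 #endif
 if (!(opts.namespace & CLONE_NEWNET)) {
-add_mount_bind("/etc/resolv.conf", 0, -1);
+add_mount_bind("/etc/resolv.conf", 1, -1);
 } else if (opts.setns.net == -1) {
 char hostdir[PATH_MAX];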
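Review bot: The second argument in the four changed `add_mount_bind` calls is a bare `1`, so the read-only intent is visible only from the commit title and a later edit could flip it back to `0` without anyone noticing the security regression. I would add a comment above the first call, e.g. `/* host account and resolver files are bound read-only so the jailed process cannot modify them */`, or pass a named constant if the file defines one. It is also worth confirming that `add_mount_bind` (not shown here) enforces the flag with a read-only remount, because on Linux `MS_RDONLY` given together with `MS_BIND` on the initial mount call is ignored and the bind would stay writable. The body of `post_main` starts and ends outside this hunk, so any other bind mounts it sets up could not be checked here.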