diff options
| author | Daniel Golle | 2020-04-12 14:51:49 +0000 |
|---|---|---|
| committer | Daniel Golle | 2020-04-12 18:51:50 +0000 |
| commit | 32c717e18ee3f73a68ac854cfc5ba9e7cbf8c3b1 (patch) | |
| tree | 149f3e8bc10c2300a9a470510a7caf8290112001 | |
| parent | 28a06e55cd4235faf52638dd85709e3da04c5c06 (diff) | |
| download | procd-32c717e18ee3f73a68ac854cfc5ba9e7cbf8c3b1.tar.gz | |
jail: only mess with rootfs if CLONE_NEWNS was set
Avoid messing up rootfs of the parent/only mount namespace for the
unusual case of a jailed process which does use namespaces, but
doesn't make use of mount namespaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| -rw-r--r-- | jail/jail.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/jail/jail.c b/jail/jail.c index ec106d2..fa8da01 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -502,7 +502,7 @@ static int exec_jail(void *pipes_ptr) exit(EXIT_FAILURE); } - if (opts.namespace && build_jail_fs()) { + if ((opts.namespace & CLONE_NEWNS) && build_jail_fs()) { ERROR("failed to build jail fs\n"); exit(EXIT_FAILURE); } |