jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle 2020-04-14 14:46:03 +0000
committer: Daniel Golle 2020-04-14 14:47:10 +0000
commit: a4cc165a9fdcc9d76a0ba58a2e9ccde605e5f40d (patch)
tree: 8a0abe309ce206a17f95c7460ef7759f28fcd70d
parent: a4d644228ff60ec2ac8775b64dcaea4608ce6063 (diff)
download: procd-a4cc165a9fdcc9d76a0ba58a2e9ccde605e5f40d.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/jail/jail.c b/jail/jail.c
index 87b671b..ca8b832 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -187,6 +187,7 @@ static int build_jail_fs(void)
 {
 	char jail_root[] = "/tmp/ujail-XXXXXX";
 	char tmpovdir[] = "/tmp/ujail-overlay-XXXXXX";
+	char tmpdevdir[] = "/tmp/ujail-XXXXXX/dev";
 	char *overlaydir = NULL;
 
 	if (mkdtemp(jail_root) == NULL) {
@@ -240,6 +241,11 @@ static int build_jail_fs(void)
 		return -1;
 	}
 
+	snprintf(tmpdevdir, sizeof(tmpdevdir), "%s/dev", jail_root);
+	mkdir_p(tmpdevdir, 0755);
+	if (mount(NULL, tmpdevdir, "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "size=1M"))
+		return -1;
+
 	if (mount_all(jail_root)) {
 		ERROR("mount_all() failed\n");
 		return -1;
author	Daniel Golle	2020-04-14 14:46:03 +0000
committer	Daniel Golle	2020-04-14 14:47:10 +0000
commit	a4cc165a9fdcc9d76a0ba58a2e9ccde605e5f40d (patch)
tree	8a0abe309ce206a17f95c7460ef7759f28fcd70d
parent	a4d644228ff60ec2ac8775b64dcaea4608ce6063 (diff)
download	procd-a4cc165a9fdcc9d76a0ba58a2e9ccde605e5f40d.tar.gz