Make our mounts private to our namespace

That way they don't end up in the host namespace in any case. Only the
loop device we're allocating remains visible as there is currently no
real separation between containers on loop device usage.
Simon Fels 2017-02-20 08:18:02 +01:00
commit fc49cc3895


@ -109,7 +109,7 @@ bool anbox::cmds::ContainerManager::setup_mounts() {
return false;
}
auto m = common::MountEntry::create(loop_device, android_rootfs_dir, "squashfs", MS_MGC_VAL | MS_RDONLY);
auto m = common::MountEntry::create(loop_device, android_rootfs_dir, "squashfs", MS_MGC_VAL | MS_RDONLY | MS_PRIVATE);
if (!m) {
ERROR("Failed to mount Android rootfs");
return false;
@ -133,7 +133,7 @@ bool anbox::cmds::ContainerManager::setup_mounts() {
}
}
auto m = common::MountEntry::create(src_dir_path, target_dir_path, "", MS_MGC_VAL | MS_BIND);
auto m = common::MountEntry::create(src_dir_path, target_dir_path, "", MS_MGC_VAL | MS_BIND | MS_PRIVATE);
if (!m) {
ERROR("Failed to mount Android %s directory", dir_name);
mounts_.clear();
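Review bot: `MS_PRIVATE` OR-ed into the flags of both `MountEntry::create` calls is unlikely to make the new mounts private, assuming `create` passes the flags straight to mount(2). mount(2) performs one operation per call, chosen in a fixed order: in the bind call `MS_BIND` is matched first and the propagation flag is not applied, while in the squashfs call a propagation flag without `MS_BIND` selects the change-propagation operation, which accepts only `MS_REC` and `MS_SILENT` next to it, so `MS_RDONLY | MS_PRIVATE` may return `EINVAL` instead of mounting the rootfs. Propagation should be set in its own call, for example `mount(nullptr, target, nullptr, MS_PRIVATE, nullptr)` after each mount succeeds, or once with `MS_REC | MS_PRIVATE` on the root of the process's mount namespace if it has its own (not visible here). Until that is verified, e.g. by checking `/proc/self/mountinfo` for the absence of a `shared:` tag on these mount points, the isolation described in the commit message should not be relied on. `setup_mounts` starts and ends outside both hunks.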