-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9x1nIACgkQrlYvE4MpobPiyACguriAyivSu8brb/PQiIaqxFCe ssEAn0533GClEIiFUGAuiajNbj94mvcO =/X4V -----END PGP SIGNATURE-----
>From 9c963a2c3b94630cb4d3395771e1dc9004d9cbca Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 3 Jan 2012 13:45:08 -0500
Subject: [PATCH 13/73] policycoreutils: sandbox: do not propogate inside mounts outside

Fix the handling of namespaces in seunshare/sandbox. Currently mounting of directories within sandbox is propogating to the parent namesspace. This fix will basically isolate any mounting that happens after the unshare from the parent namespace.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx
---
 policycoreutils/sandbox/seunshare.c | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index c493e98..a084e0e 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -43,8 +43,8 @@
 #define MS_REC 1<<14
 #endif
 
-#ifndef MS_PRIVATE
-#define MS_PRIVATE 1<<18
+#ifndef MS_SLAVE
+#define MS_SLAVE 1<<19
 #endif
 
 #ifndef PACKAGE
@@ -255,7 +255,7 @@ static int verify_shell(const char *shell_name)
  */
 static int seunshare_mount(const char *src, const char *dst, struct stat *src_st)
 {
- int flags = MS_REC;
+ int flags = 0;
 int is_tmp = 0;
 
 if (verbose)
@@ -267,14 +267,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
 }
 
 /* mount directory */
- if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
- fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
- return -1;
- }
- if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
- fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
- return -1;
- }
 if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
 fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
 return -1;
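Review bot: The fallback `#define MS_SLAVE 1<<19` is unparenthesized, so in any expression where an operator binding tighter than `<<` is applied to it (arithmetic, for instance) it expands differently from the kernel's own `(1<<19)`; prefer `#define MS_SLAVE (1<<19)`. The numeric value does match the kernel's MS_SLAVE, and the neighbouring `MS_REC 1<<14` fallback has the same shape, so parenthesizing both keeps the two consistent. The `MS_SLAVE | MS_REC` use added later in this patch is unaffected because `<<` already binds tighter than `|`.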
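Review bot: Changing the initializer to `int flags = 0;` silently drops MS_REC from the bind mounts in the @@ -267 and @@ -288 hunks, so `mount(src, dst, NULL, MS_BIND | flags, NULL)` is now a non-recursive bind: any mount already present beneath src (or beneath /tmp for the /var/tmp case) no longer appears inside the sandbox, a behaviour change the commit message does not mention. Presumably MS_REC went away together with the removed per-mount MS_PRIVATE step, but the new MS_SLAVE remount of / in main is what stops outward propagation, so recursion could be kept independently; if submounts are still wanted, retain `int flags = MS_REC;`, otherwise record the choice with a comment such as `/* plain bind: mounts below src are deliberately not carried into the sandbox */`. With the value fixed at 0 the variable is also effectively dead and could be folded into the call sites. seunshare_mount starts in the @@ -255 hunk but its body continues outside these hunks.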
@@ -288,14 +280,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
 if (verbose)
 printf(_("Mounting /tmp on /var/tmp\n"));
 
- if (mount("/var/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
- fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
- return -1;
- }
- if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
- fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
- return -1;
- }
 if (mount("/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
 fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
 return -1;
@@ -967,6 +951,13 @@ int main(int argc, char **argv) {
 goto childerr;
 }
 
+ /* Remount / as SLAVE so that nothing mounted in the namespace
+ shows up in the parent */
+ if (mount("none", "/", NULL, MS_SLAVE | MS_REC , NULL) < 0) {
+ perror(_("Failed to make / a SLAVE mountpoint\n"));
+ goto childerr;
+ }
+
 /* assume fsuid==ruid after this point */
 setfsuid(uid);
 
-- 
1.7.9.3
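Review bot: `perror(_("Failed to make / a SLAVE mountpoint\n"))` embeds a newline that perror prints before its own `: strerror` suffix, so the errno text ends up on a line of its own; every other mount failure in this patch is reported as `fprintf(stderr, _("...: %s\n"), strerror(errno))`, and the new line should match: `fprintf(stderr, _("Failed to make / a SLAVE mountpoint: %s\n"), strerror(errno));`. The comment should also state the propagation direction precisely, because MS_SLAVE only stops mounts made inside the new namespace from reaching the parent while later mounts made in the parent still propagate in, which is a weaker isolation than the MS_PRIVATE the patch removes; if that one-way behaviour is intended, say so, e.g. `/* MS_SLAVE|MS_REC: mounts made here stay in this namespace; mounts made in the parent still propagate in */`. This remount has to run before any seunshare_mount call for the removed per-mount MS_PRIVATE step to be redundant, and that ordering is not visible here since main starts and ends outside the hunk. The stray space in `MS_SLAVE | MS_REC ,` is a nit.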