Robert Swiecki
7917222486
mount: Use /tmp/nsjail.[tmp|root].<orig_euid>
2017-06-21 18:29:02 +02:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8
mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS
2017-05-29 16:39:08 +02:00
Robert Swiecki
f84d20632d
mount: remove tmp file after use
2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301
Simplify mountMount
2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
1df9e9d2e1
mount: fewer warnings if a mount pt is non-mandatory #2
2017-05-28 14:53:16 +02:00
Robert Swiecki
adc14c6f18
mount: fewer warnings if a mount pt is non-mandatory
2017-05-28 14:51:09 +02:00
Robert Swiecki
5697492122
mount: canonicalize paths
2017-05-28 03:19:13 +02:00
Robert Swiecki
e68acd68eb
Support envvars on mount path definitions
2017-05-28 00:15:53 +02:00
Robert Swiecki
f2b0d039aa
mount: less logging from mountIsDir
2017-05-27 20:19:36 +02:00
Robert Swiecki
a3e673847e
mountIsDir: PLOG_E() -> PLOG_W()
2017-05-27 19:18:56 +02:00
Robert Swiecki
278711062a
mount: better logging for failed mounts #2
2017-05-27 19:14:55 +02:00
Robert Swiecki
b09f2d0a5d
mount: better logging for failed mounts
2017-05-27 19:11:19 +02:00
Robert Swiecki
71588194f3
config: smaller fixes (logging/comments)
2017-05-27 16:47:12 +02:00
Robert Swiecki
ec50c1346d
mount: nonmandatory mounts
2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
c1165cf120
mount: simplify checking for whether source is dir or file
2017-05-24 14:46:44 +02:00
Robert Swiecki
73aa285121
Rework RemountRO slightly
2017-05-22 03:34:54 +02:00
Robert Swiecki
0d5befbd6f
TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr
2017-05-22 01:10:49 +02:00
Robert Swiecki
609cbd6480
mount: fix new_flags while remounting RO
2017-05-21 22:52:55 +02:00
Robert Swiecki
8f243f07c7
mount: log msgs
2017-05-21 22:33:48 +02:00
Robert Swiecki
9509d3740d
Make structs for flags printing more const
2017-05-21 19:46:03 +02:00
Robert Swiecki
a60f84d7e2
Add flags printing for clone()
2017-05-21 19:44:54 +02:00
Robert Swiecki
525ba9e2dd
Convert mount flags to str
2017-05-21 17:37:18 +02:00
Robert Swiecki
a1c0cbacbd
mount: log
2017-02-10 02:25:50 +01:00
Robert Swiecki
4dd5c38f91
Use subprocClone instead of syscall(__NR_clone)
2016-10-18 09:47:15 +02:00
Robert Swiecki
37a5d15fa8
Comment type + make indent
2016-10-17 22:53:31 +02:00
Stephen Röttger
cf4f197684
Don't mount over / if pivot_root_only is enabled
...
The intention behind pivot_root_only is to support nested user
namespaces. However, if we bind mount over /, which happens by default,
the kernel will deny CLONE_NEWUSER.
2016-09-30 16:30:59 +02:00
Stephen Röttger
c647ebb74f
remove /old_root on --pivot_root_only
2016-09-30 16:30:59 +02:00
Stephen Röttger
f4d43e3336
New option pivot_root_only to support nested namespaces
...
If pivot_root_only is set the chroot in the job setup will be skipped.
2016-09-30 16:30:59 +02:00
Jagger
ee7de33531
Use O_CLOEXEC when possible to avoid leaking FDs
2016-09-10 03:20:32 +02:00
Robert Swiecki
d96f730631
Recursive dir creation
2016-08-18 18:59:06 +02:00
Jagger
dba13a2aae
Use old NULL mount semantics
2016-08-16 21:12:23 +02:00
Robert Swiecki
26e539884a
Names in mount:
2016-08-16 19:59:51 +02:00
Robert Swiecki
4be7646379
Different way of mounting things
2016-08-16 19:54:50 +02:00
Robert Swiecki
1dc33c7bcf
Remove defer{} calls
2016-07-29 15:38:22 +02:00
Robert Swiecki
432c82bb34
Make it a bit more standards friendly
2016-07-21 15:48:47 +02:00
Jagger
a1f0ec7925
Support for CLONE_NEWCGROUP
2016-06-19 11:55:55 +02:00
Jagger
df97c0fe74
Use NULL as src for mounting proc and tmpfs
2016-06-19 01:35:06 +02:00
Jagger
d78e141f70
Use a subprocess to setup unshare mount /proc
2016-05-12 22:25:48 +02:00
Robert Swiecki
6e25d47eba
Cover interruptible syscalls with TEMP_FAILURE_RETRY
2016-05-09 15:16:26 +02:00
Robert Swiecki
db4a90d225
Print warning with failing umount
2016-03-23 17:23:18 +01:00
Robert Swiecki
66d3a14530
Remove the tmpfs from /tmp if we are mounting / as root
2016-03-23 17:08:52 +01:00
Robert Swiecki
e02d4e4edf
Separate mount.c module
2016-03-03 15:37:04 +01:00