picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

namespace: invoke unshare() only after checking all parameters 

Let's create the new namespace only after we validated and processed all
parameters, right before we start with actually mounting things.

This way, the window where we can roll back is larger (not that it matters
IRL...)
This commit is contained in:
Lennart Poettering 2016-08-25 17:30:47 +02:00 committed by Djalal Harouni
parent 096424d123
commit 1e4e94c881
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/namespace.c
View File

@ -462,9 +462,6 @@ int setup_namespace(
if (mount_flags == 0)
mount_flags = MS_SHARED;
if (unshare(CLONE_NEWNS) < 0)
return -errno;
n = !!tmp_dir + !!var_tmp_dir +
strv_length(read_write_paths) +
strv_length(read_only_paths) +
@ -606,6 +603,9 @@ int setup_namespace(
drop_nop(mounts, &n);
}
if (unshare(CLONE_NEWNS) < 0)
return -errno;
if (n > 0 || root_directory) {
/* Remount / as SLAVE so that nothing now mounted in the namespace
shows up in the parent */