namespace: drop all mounts outside of the new root directory

There's no point in mounting these, if they are outside of the root directory we'll move to.
2025-01-13 17:18:18 +03:00 · 2016-08-26 17:25:40 +02:00 · 2016-08-26 17:25:40 +02:00 · cd2902c954
commit cd2902c954
parent 54500613a4
1 changed files with 26 additions and 0 deletions
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -199,6 +199,31 @@ static void drop_nop(BindMount *m, unsigned *n) {
        *n = t - m;
 }

+static void drop_outside_root(const char *root_directory, BindMount *m, unsigned *n) {
+        BindMount *f, *t;
+
+        assert(m);
+        assert(n);
+
+        if (!root_directory)
+                return;
+
+        /* Drops all mounts that are outside of the root directory. */
+
+        for (f = m, t = m; f < m+*n; f++) {
+
+                if (!path_startswith(f->path, root_directory)) {
+                        log_debug("%s is outside of root directory.", f->path);
+                        continue;
+                }
+
+                *t = *f;
+                t++;
+        }
+
+        *n = t - m;
+}
+
 static int mount_dev(BindMount *m) {
        static const char devnodes[] =
                "/dev/null\0"
@ -631,6 +656,7 @@ int setup_namespace(
                qsort(mounts, n, sizeof(BindMount), mount_path_compare);

                drop_duplicates(mounts, &n);
+                drop_outside_root(root_directory, mounts, &n);
                drop_inaccessible(mounts, &n);
                drop_nop(mounts, &n);
        }