diff options
| author | Lennart Poettering <lennart@poettering.net> | 2012-04-12 12:58:08 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-04-12 12:58:19 +0200 |
| commit | 68fb08920b2162b48cf0fa8dd98b021327b42896 (patch) | |
| tree | c4dd839a997bcd349f9fae90a01fd8a8937783c6 | |
| parent | 2abf99ac076299d80ed595fa4ae5cc46bb455975 (diff) | |
nspawn: bind mount /dev/nul to /proc/kmsg, so that the container can't muck with the host kmsg
| -rw-r--r-- | src/nspawn.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/nspawn.c b/src/nspawn.c index 7b65e9853..685b4d4e5 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -184,7 +184,8 @@ static int mount_all(const char *dest) { break; } - if ((t = path_is_mount_point(where, false)) < 0) { + t = path_is_mount_point(where, false); + if (t < 0) { log_error("Failed to detect whether %s is a mount point: %s", where, strerror(-t)); free(where); @@ -229,6 +230,11 @@ static int mount_all(const char *dest) { free(where); } + if (asprintf(&where, "%s/proc/kmsg", dest) >= 0) { + mount("/dev/null", where, "bind", MS_BIND, NULL); + free(where); + } + return r; } |