matth
/
subgraph-oz
mirror of https://github.com/xSmurf/oz.git
1
1
Fork 0
Code Releases Activity

Blacklist items binded as readonly... take two

Browse Source
master
xSmurf 10 years ago
parent 858702d89b
commit 0c0da4a5b1
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File

20
fs/fs.go
Unescape View File

@ -226,9 +226,6 @@ func (fs *Filesystem) blacklist(target string) error {
if err := syscall.Mount(fs.absPath(src), fs.absPath(t), "", syscall.MS_BIND, "mode=400,gid=0"); err != nil { if err := syscall.Mount(fs.absPath(src), fs.absPath(t), "", syscall.MS_BIND, "mode=400,gid=0"); err != nil {
return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err) return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err)
} }
if err := remount(fs.absPath(t), syscall.MS_RDONLY); err != nil {
return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err)
}
return nil return nil
} }
@ -325,9 +322,26 @@ func (fs *Filesystem) CreateBlacklistPaths() error {
if err := createBlacklistDir(fs.absPath(emptyDirPath)); err != nil { if err := createBlacklistDir(fs.absPath(emptyDirPath)); err != nil {
return err return err
} }
if err := rdonlyBindBlacklistItem(fs.absPath(emptyDirPath)); err != nil {
return err
}
if err := createBlacklistFile(fs.absPath(emptyFilePath)); err != nil { if err := createBlacklistFile(fs.absPath(emptyFilePath)); err != nil {
return err return err
} }
if err := rdonlyBindBlacklistItem(fs.absPath(emptyFilePath)); err != nil {
return err
}
return nil
}
func rdonlyBindBlacklistItem(target string) error {
if err := syscall.Mount(target, target, "", syscall.MS_BIND, "mode=400,gid=0"); err != nil {
return err
}
if err := remount(target, syscall.MS_RDONLY); err != nil {
return err
}
return nil return nil
} }

Write Preview
Loading…
Cancel
Save