matth
/
subgraph-oz
mirror of https://github.com/xSmurf/oz.git
1
1
Fork 0
Code Releases Activity

Moved creation of /tmp in setup before chroot for whitelist support

Browse Source
master
xSmurf 9 years ago
parent a7e891f4fc
commit 6f0a1ea94b
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
oz-init/init.go
Unescape View File

@ -628,7 +628,7 @@ func (st *initState) setupFilesystem(extra []oz.WhitelistItem) error {
if st.config.UseFullDev { if st.config.UseFullDev {
mo.add(fs.MountFullDev) mo.add(fs.MountFullDev)
} }
mo.add(fs.MountShm, fs.MountTmp, fs.MountPts) mo.add(fs.MountShm, /*fs.MountTmp, */fs.MountPts)
if !st.profile.NoSysProc { if !st.profile.NoSysProc {
mo.add(fs.MountProc, fs.MountSys) mo.add(fs.MountProc, fs.MountSys)
} }

6
oz-init/rootfs.go
Unescape View File

@ -131,6 +131,12 @@ func setupRootfs(fsys *fs.Filesystem, uid, gid uint32, useFullDev bool) error {
} }
} }
tp := path.Join(fsys.Root(), "/tmp")
tflags := uintptr(syscall.MS_NODEV | syscall.MS_NOSUID | syscall.MS_NOEXEC | syscall.MS_REC)
if err := syscall.Mount("", tp, "tmpfs", tflags, "mode=777"); err != nil {
return err
}
for _, sl := range append(basicSymlinks, deviceSymlinks...) { for _, sl := range append(basicSymlinks, deviceSymlinks...) {
if err := fsys.CreateSymlink(sl[0], sl[1]); err != nil { if err := fsys.CreateSymlink(sl[0], sl[1]); err != nil {
return err return err

Write Preview
Loading…
Cancel
Save