Moved creation of /tmp in setup before chroot for whitelist support

master
xSmurf 10 years ago
parent a7e891f4fc
commit 6f0a1ea94b

@ -628,7 +628,7 @@ func (st *initState) setupFilesystem(extra []oz.WhitelistItem) error {
if st.config.UseFullDev { if st.config.UseFullDev {
mo.add(fs.MountFullDev) mo.add(fs.MountFullDev)
} }
mo.add(fs.MountShm, fs.MountTmp, fs.MountPts) mo.add(fs.MountShm, /*fs.MountTmp, */fs.MountPts)
if !st.profile.NoSysProc { if !st.profile.NoSysProc {
mo.add(fs.MountProc, fs.MountSys) mo.add(fs.MountProc, fs.MountSys)
} }
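Review bot: Leaving `fs.MountTmp` commented out inside the argument list keeps dead code in the call; since the tmpfs for /tmp is now mounted elsewhere, the argument should be removed outright, `mo.add(fs.MountShm, fs.MountPts)`, with a short comment such as `// /tmp is mounted on the rootfs before chroot; see setupRootfs` so the next reader does not re-add it. setupFilesystem begins and continues outside this hunk.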

@ -131,6 +131,12 @@ func setupRootfs(fsys *fs.Filesystem, uid, gid uint32, useFullDev bool) error {
} }
} }
tp := path.Join(fsys.Root(), "/tmp")
tflags := uintptr(syscall.MS_NODEV | syscall.MS_NOSUID | syscall.MS_NOEXEC | syscall.MS_REC)
if err := syscall.Mount("", tp, "tmpfs", tflags, "mode=777"); err != nil {
return err
}
for _, sl := range append(basicSymlinks, deviceSymlinks...) { for _, sl := range append(basicSymlinks, deviceSymlinks...) {
if err := fsys.CreateSymlink(sl[0], sl[1]); err != nil { if err := fsys.CreateSymlink(sl[0], sl[1]); err != nil {
return err return err
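Review bot: The new tmpfs is mounted with `mode=777`, which omits the sticky bit; a world-writable /tmp without it lets any uid inside the sandbox unlink or rename files owned by another, whereas the conventional option is `mode=1777`: `if err := syscall.Mount("", tp, "tmpfs", tflags, "mode=1777"); err != nil {`. The bare `return err` on the mount failure also drops which mount failed; wrapping it, e.g. `return fmt.Errorf("mounting tmpfs on %s: %v", tp, err)`, would make the setup error actionable (assuming fmt is already imported in this file, which the hunk does not show). `syscall.MS_REC` appears to have no effect on a fresh tmpfs mount (it applies to bind/propagation operations), so it could presumably be dropped from tflags. setupRootfs starts and ends outside this hunk.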
