|
|
|
@ -226,6 +226,9 @@ func (fs *Filesystem) blacklist(target string) error {
|
|
|
|
if err := syscall.Mount(fs.absPath(src), fs.absPath(t), "", syscall.MS_BIND, "mode=400,gid=0"); err != nil {
|
|
|
|
if err := syscall.Mount(fs.absPath(src), fs.absPath(t), "", syscall.MS_BIND, "mode=400,gid=0"); err != nil {
|
|
|
|
return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err)
|
|
|
|
return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := remount(fs.absPath(t), syscall.MS_RDONLY); err != nil {
|
|
|
|
|
|
|
|
return fmt.Errorf("failed to bind %s -> %s for blacklist: %v", src, t, err)
|
|
|
|
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
xSmurf
10 years ago