Print an error when attempting to use bind mounts without chroot.
Bind mounts should be used with chroot or pivot_root. Print an error
and exit when that's not the case.
Clean up some comments and error messages while in there.
Bug: 26784268
Change-Id: I4e384a989e1aef5b2989c4f17e047a9ac7cadbc8
diff --git a/libminijail.c b/libminijail.c
index 2cc6557..0806d17 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -993,14 +993,14 @@
char *dest;
int remount_ro = 0;
- /* dest has a leading "/" */
+ /* |dest| has a leading "/". */
if (asprintf(&dest, "%s%s", j->chrootdir, m->dest) < 0)
return -ENOMEM;
/*
- * R/O bind mounts have to be remounted since bind and ro can't both be
- * specified in the original bind mount. Remount R/O after the initial
- * mount.
+ * R/O bind mounts have to be remounted since 'bind' and 'ro'
+ * can't both be specified in the original bind mount.
+ * Remount R/O after the initial mount.
*/
if ((m->flags & MS_BIND) && (m->flags & MS_RDONLY)) {
remount_ro = 1;
@@ -1344,6 +1344,9 @@
pdie("unshare(net)");
}
+ if (j->mounts_head && !(j->flags.chroot || j->flags.pivot_root))
+ die("can't bind-mount without chroot or pivot_root");
+
if (j->flags.chroot && enter_chroot(j))
pdie("chroot");
@@ -1636,7 +1639,7 @@
if (!use_preload) {
if (j->flags.caps)
- die("Capabilities are not supported without "
+ die("capabilities are not supported without "
"LD_PRELOAD");
}