Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / 3901da6e0bd4c709dda5506b5bb28177aca31abe^! / . / libminijail.c
commit3901da6e0bd4c709dda5506b5bb28177aca31abe[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Tue Mar 03 13:55:11 2015 -0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Wed Mar 04 07:28:49 2015 +0000
tree1c5639ead5971e3c200cff9ae7690f2cd0a93d52
parente6bd8cc9ec47646b22902e004fb615c72278ab0c [diff] [blame]
minijail: Allow tmpfs /tmp mount without a chroot.

There's no need to require a chroot to mount a clean tmpfs /tmp.
Also, halve the size of the tmpfs to 64M.

BUG=brillo:439
TEST=Unit tests, security_Minijail pass.
TEST='minijail0 -u nobody -g nobody -t -- mount' shows tmpfs mount.

Change-Id: Iee84160cee0487a0e7e0807b64ba54f6b3980e83
Reviewed-on: https://chromium-review.googlesource.com/255650
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Lee Campbell <leecam@chromium.org>

diff --git a/libminijail.c b/libminijail.c
index 7a18831..65dab2f 100644
--- a/libminijail.c
+++ b/libminijail.c

@@ -620,7 +620,7 @@
 
 int mount_tmp(void)
 {
-	return mount("none", "/tmp", "tmpfs", 0, "size=128M,mode=777");
+	return mount("none", "/tmp", "tmpfs", 0, "size=64M,mode=777");
 }
 
 int remount_readonly(void)
@@ -802,7 +802,7 @@
 	if (j->flags.chroot && enter_chroot(j))
 		pdie("chroot");
 
-	if (j->flags.chroot && j->flags.mount_tmp && mount_tmp())
+	if (j->flags.mount_tmp && mount_tmp())
 		pdie("mount_tmp");
 
 	if (j->flags.readonly && remount_readonly())