Add a pre-chroot hook
This hook can be used to perform some setup in the mount namespace,
prior to calling chroot(2)/pivot_root(2).
Bug: 65462041
Change-Id: If4399c3642d86a107de4849a328836e9fc0ccdbf
Test: hook is called in the appropriate place
diff --git a/libminijail.c b/libminijail.c
index 0249505..c31af06 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -187,6 +187,9 @@
size_t preserved_fd_count;
};
+static void run_hooks_or_die(const struct minijail *j,
+ minijail_hook_event_t event);
+
/*
* Strip out flags meant for the parent.
* We keep things that are not inherited across execve(2) (e.g. capabilities),
@@ -1262,6 +1265,8 @@
if (j->mounts_head && (ret = mount_one(j, j->mounts_head)))
return ret;
+ run_hooks_or_die(j, MINIJAIL_HOOK_EVENT_PRE_CHROOT);
+
if (chroot(j->chrootdir))
return -errno;
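Review bot: A failing hook here ends the process inside `run_hooks_or_die()`, while the two neighbouring failure paths in this hunk (`return ret;` after `mount_one`, `return -errno;` after `chroot`) report the error to the caller. Failing closed is the safer choice for a sandbox, since the jail is never entered half-configured, but the difference in contract is invisible at the call site. I would add a comment above the call such as `/* Hooks run after the mounts are set up but with the original root still visible; a failing hook aborts rather than returning. */`. The same applies to the identical call added in the pivot_root hunk below; the enclosing function starts and ends outside this hunk.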
@@ -1278,6 +1283,8 @@
if (j->mounts_head && (ret = mount_one(j, j->mounts_head)))
return ret;
+ run_hooks_or_die(j, MINIJAIL_HOOK_EVENT_PRE_CHROOT);
+
/*
* Keep the fd for both old and new root.
* It will be used in fchdir(2) later.
@@ -1698,6 +1705,8 @@
return "pre-drop-caps";
case MINIJAIL_HOOK_EVENT_PRE_EXECVE:
return "pre-execve";
+ case MINIJAIL_HOOK_EVENT_PRE_CHROOT:
+ return "pre-chroot";
case MINIJAIL_HOOK_EVENT_MAX:
/*
* Adding this in favor of a default case to force the
diff --git a/libminijail.h b/libminijail.h
index a783067..15fa124 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -51,6 +51,9 @@
/* The hook will run just before calling execve(2). */
MINIJAIL_HOOK_EVENT_PRE_EXECVE,
+ /* The hook will run just before calling chroot(2) / pivot_root(2). */
+ MINIJAIL_HOOK_EVENT_PRE_CHROOT,
+
/* Sentinel for error checking. Must be last. */
MINIJAIL_HOOK_EVENT_MAX,
} minijail_hook_event_t;
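Review bot: The doc comment on `MINIJAIL_HOOK_EVENT_PRE_CHROOT` gives the timing but not what an API user can rely on when the callback runs. Judging from the call sites in libminijail.c, the hook executes after the jail's mounts are applied and before the root changes, so it still resolves paths against the original root, and presumably before capabilities are dropped given the existing pre-drop-caps event; a hook that touches paths under the future root should therefore avoid following symlinks it does not control. It also appears to fire only when a chroot or pivot_root is configured, which is worth confirming and stating. I would extend the comment to say so, and note that the enumerator is listed after `MINIJAIL_HOOK_EVENT_PRE_EXECVE` although it fires earlier, so the enum order is not chronological.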