minijail: Add ability to specify mounts

In addition to bind mounts, allow other mounts to be specified when
running minijail.  Expose this as a -k option to minijail0.

This will allow for file systems such as proc, sysfs, and devpts to be
mounted before taking away the permission to mount from the target
program.

For example "-k sysfs,/sys,sysfs,0xe" will mount /sys in the new vfs
namespace.

BUG=b/24976046
TEST=Mount sysfs, run a shell, check that sysfs is mounted.

Change-Id: I9862e42e00ce76b1fab9cbac59c381f5270470ce
Signed-off-by: Dylan Reid <dgreid@google.com>
diff --git a/libminijail.h b/libminijail.h
index 7e52a1e..3f00a5e 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -95,6 +95,19 @@
  */
 void minijail_mount_tmp(struct minijail *j);
 
+/* minijail_mount: when entering minijail @j, mounts @src at @dst with @flags
+ * @j         minijail to bind inside
+ * @src       source to bind
+ * @dest      location to bind (inside chroot)
+ * @type      type of filesystem
+ * @flags     flags passed to mount
+ *
+ * This may be called multiple times; all bindings will be applied in the order
+ * of minijail_mount() calls.
+ */
+int minijail_mount(struct minijail *j, const char *src, const char *dest,
+		    const char *type, unsigned long flags);
+
 /* minijail_bind: bind-mounts @src into @j as @dest, optionally writeable
  * @j         minijail to bind inside
  * @src       source to bind
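Review bot: the new doc comment for minijail_mount() refers to @dst in its first line while the parameter is named @dest, and the parameter descriptions still read as copied from minijail_bind ("minijail to bind inside", "source to bind", "all bindings will be applied"). Since this call is meant for non-bind mounts such as the sysfs example in the commit message, reword these in terms of mounting (for example "@src source to mount", "all mounts will be applied in the order of minijail_mount() calls"). The function returns int but the comment does not say what the return value means; please document the success and failure values so callers know to check it. It would also help to state that @flags is the numeric flag value handed to mount, since the -k example passes it as a raw hex number (0xe) and a caller has no other hint from this header about what it should contain.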