extend -K to accept a mount propagation type
By default, minijail will mark all mounts as private. The -K flag
allows them to skip that step which will retain all existing mount
settings. We now have scenarios where we want to share some mount
points, so let's extend -K to accept the propagation mode. This lets
people use -Kslave and mark all the mount points as slaves.
Bug: chromium:813131
Test: `make check` and using -Kslave allows changes in the parent namespace
Change-Id: I571e402a383ecf60a6104f87ef97b76710a34d38
diff --git a/minijail0.1 b/minijail0.1
index 7c535e0..ce8e67c 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -84,10 +84,28 @@
If the destination does not exist, it will be created as a directory (including
missing parent directories).
.TP
-\fB-K\fR
+\fB-K[mode]\fR
Don't mark all existing mounts as MS_PRIVATE.
This option is \fBdangerous\fR as it negates most of the functionality of \fB-v\fR.
You very likely don't need this.
+
+You may specify a mount propagation mode in which case, that will be used
+instead of the default MS_PRIVATE. See the \fBmount\fR(2) man page and the
+kernel docs \fIDocumentation/filesystems/sharedsubtree.txt\fR for more
+technical details, but a brief guide:
+
+.IP
+\[bu] \fBslave\fR Changes in the parent mount namespace will propagate in, but
+changes in this mount namespace will not propagate back out. This is usually
+what people want to use.
+.IP
+\[bu] \fBprivate\fR No changes in either mount namespace will propagate.
+This is the default behavior if you don't specify \fB-K\fR.
+.IP
+\[bu] \fBshared\fR Changes in the parent and this mount namespace will freely
+propagate back and forth. This is not recommended.
+.IP
+\[bu] \fBunbindable\fR Mark all mounts as unbindable.
.TP
\fB-l\fR
Run inside a new IPC namespace. This option makes the program's System V IPC
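Review bot: In the -K[mode] entry, the unchanged lead sentence "Don't mark all existing mounts as MS_PRIVATE" and the "dangerous" warning now sit above the mode list without saying which invocation they describe. Suggest stating explicitly that bare -K leaves existing propagation settings untouched while -K with a mode remounts everything with that mode, and scoping the warning to the cases it applies to, since the list itself calls slave "usually what people want" and private "the default behavior if you don't specify -K". The unbindable bullet only restates its own name; it should say what happens to propagation in that mode, as the other three bullets do. An example of the attached form used in the commit message (-Kslave) would also help, because the synopsis "-K[mode]" alone does not show how the mode is passed.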