Allow mount data to be specified
Add an API, minijail_mount_with_data, that allows the mount data string
to be set. This is needed for some mounts when entering a user
namespace and specifying uid=, gid=, or similar mount options.
BUG=b/27273730
TEST=mount proc with hidepid=2; check mount output to confirm.
security_Minijail0 test case added.
Change-Id: Ieb48cc10ad4f6ed9968a89189392eb3cfb13af39
Signed-off-by: Dylan Reid <dgreid@chromium.org>
diff --git a/libminijail.h b/libminijail.h
index c2532db..f7a2f1f 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -127,6 +127,23 @@
void minijail_mount_tmp(struct minijail *j);
/*
+ * minijail_mount_with_data: when entering minijail @j,
+ * mounts @src at @dst with @flags and @data.
+ * @j minijail to bind inside
+ * @src source to bind
+ * @dest location to bind (inside chroot)
+ * @type type of filesystem
+ * @flags flags passed to mount
+ * @data data arguments passed to mount(2), e.g. "mode=755"
+ *
+ * This may be called multiple times; all mounts will be applied in the order
+ * of minijail_mount() calls.
+ */
+int minijail_mount_with_data(struct minijail *j, const char *src,
+ const char *dest, const char *type,
+ unsigned long flags, const char *data);
+
+/*
* minijail_mount: when entering minijail @j, mounts @src at @dst with @flags
* @j minijail to bind inside
* @src source to bind
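Review bot: the new comment block is inconsistent with its own prototype: the summary line says "mounts @src at @dst" while the parameter list and the declaration use `@dest`, and the `@j`/`@src` descriptions still say "to bind" although this is a generic mount, not a bind. Suggest "@dest location to mount (inside chroot)" and "@j minijail to mount inside". The comment should also state whether `@data` may be NULL (the mount(2) data argument is optional) and whether minijail copies the string or expects the caller to keep it alive, since callers will commonly pass a stack buffer built from uid=/gid= values.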
@@ -134,7 +151,7 @@
* @type type of filesystem
* @flags flags passed to mount
*
- * This may be called multiple times; all bindings will be applied in the order
+ * This may be called multiple times; all mounts will be applied in the order
* of minijail_mount() calls.
*/
int minijail_mount(struct minijail *j, const char *src, const char *dest,
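Review bot: with two entry points that queue mounts, the ordering sentence "all mounts will be applied in the order of minijail_mount() calls" is now incomplete; it should say the order of minijail_mount() and minijail_mount_with_data() calls (or state that minijail_mount() is equivalent to minijail_mount_with_data() with NULL data), and the same wording should be used in the new block above. The unchanged summary line "mounts @src at @dst" still mismatches the `@dest` parameter name used in the declaration; worth fixing while this comment is being touched.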