abort when bind mounting a non-existent source path
If you try to pass a bogus path like -b /asdf,/asdf, minijail doesn't
mind and goes ahead and creates the destination (which also creates
the source), and then does a bind mount. We should instead abort --
if you really want to bind mount a new directory or file, the daemon
should explicitly create the path correctly.
For the -k option, we were stating the pseudo source which could lead
to bad behavior. e.g. If there was a file in the cwd named "none" or
"proc", we'd stat() it, and then change the destination setup logic.
The current behavior is also a little idiosyncratic: if the source
and dest are the same, there's no error, but if you try to mount to
a different path (-b /asdf,/foo), it'll fail. Or if you try to use
a chroot/pivot root, it'll fail.
We now enforce absolute paths for sources with the -b & -k options.
This shouldn't be a problem in general, and it makes the behavior a
bit more consistent.
Bug: None
Test: unittests pass
Test: betty VM boots and cheets_StartAndroid passes
Change-Id: I26310ba45b8e463533485de879a19e578d66b0e6
diff --git a/libminijail.c b/libminijail.c
index 89fb609..169e221 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1223,7 +1223,8 @@
if (asprintf(&dest, "%s%s", j->chrootdir, m->dest) < 0)
return -ENOMEM;
- if (setup_mount_destination(m->src, dest, j->uid, j->gid))
+ if (setup_mount_destination(m->src, dest, j->uid, j->gid,
+ (m->flags & MS_BIND)))
pdie("creating mount target '%s' failed", dest);
/*