Skip to content

Commit

Permalink
Fix empty root directories in mount namespace
Browse files Browse the repository at this point in the history
This fixes an issue where previous sandbox's root directories created
for bind mounts would be available in new sandboxes as empty
directories.

While this doesn't cause any security issues, it causes tests to fail
and would likely be unexpected by consumers.
  • Loading branch information
cd-work committed Sep 26, 2023
1 parent 3931129 commit 9e98f7a
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions src/linux/namespaces.rs
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,9 @@ fn create_mount_namespace(bind_mounts: HashMap<PathBuf, libc::c_ulong>) -> Resul
let new_root = PathBuf::from(NEW_ROOT);
let put_old = new_root.join(OLD_ROOT_DIR);

// Ensure new root exists.
if !new_root.exists() {
fs::create_dir(&new_root)?;
}
// Ensure new root is available as an empty directory.
fs::remove_dir_all(&new_root)?;
fs::create_dir(&new_root)?;

// Create C-friendly versions for our paths.
let new_root_c = CString::new(new_root.as_os_str().as_bytes()).unwrap();
Expand Down

0 comments on commit 9e98f7a

Please sign in to comment.