From 9e98f7aff7cdc35e89bff23af005d1132b6e74f7 Mon Sep 17 00:00:00 2001
From: Christian Duerr <chris.durr@phylum.io>
Date: Tue, 26 Sep 2023 23:11:20 +0200
Subject: [PATCH] Fix empty root directories in mount namespace

This fixes an issue where previous sandbox's root directories created
for bind mounts would be available in new sandboxes as empty
directories.

While this doesn't cause any security issues, it causes tests to fail
and would likely be unexpected by consumers.
---
 src/linux/namespaces.rs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/linux/namespaces.rs b/src/linux/namespaces.rs
index a670b74..c604387 100644
--- a/src/linux/namespaces.rs
+++ b/src/linux/namespaces.rs
@@ -64,10 +64,9 @@ fn create_mount_namespace(bind_mounts: HashMap<PathBuf, libc::c_ulong>) -> Resul
     let new_root = PathBuf::from(NEW_ROOT);
     let put_old = new_root.join(OLD_ROOT_DIR);
 
-    // Ensure new root exists.
-    if !new_root.exists() {
-        fs::create_dir(&new_root)?;
-    }
+    // Ensure new root is available as an empty directory.
+    fs::remove_dir_all(&new_root)?;
+    fs::create_dir(&new_root)?;
 
     // Create C-friendly versions for our paths.
     let new_root_c = CString::new(new_root.as_os_str().as_bytes()).unwrap();