[systemd-commits] 2 commits - src/core
Lennart Poettering
lennart at kemper.freedesktop.org
Thu Jul 3 07:28:31 PDT 2014
src/core/namespace.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
New commits:
commit 664064d60c36e1f62c7e9177e4c7498035467e07
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jul 3 16:27:57 2014 +0200
namespace: make sure /tmp, /var/tmp and /dev are writable in namespaces we set up
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 1d0f740..5466b7b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -334,7 +334,7 @@ static int make_read_only(BindMount *m) {
if (IN_SET(m->mode, INACCESSIBLE, READONLY))
r = bind_remount_recursive(m->path, true);
- else if (m->mode == READWRITE)
+ else if (IN_SET(m->mode, READWRITE, PRIVATE_TMP, PRIVATE_VAR_TMP, PRIVATE_DEV))
r = bind_remount_recursive(m->path, false);
else
r = 0;
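Review bot: The widened branch `else if (IN_SET(m->mode, READWRITE, PRIVATE_TMP, PRIVATE_VAR_TMP, PRIVATE_DEV))` has no comment saying why the private mounts need an explicit writable remount, and the function is still named make_read_only. I would add `/* Private /tmp, /var/tmp and /dev must stay writable even if an enclosing path was remounted read-only */` above it. Because `bind_remount_recursive(m->path, false)` is recursive, it is worth confirming that a read-only or inaccessible entry configured beneath one of these paths is applied afterwards and is not reverted to writable; the ordering logic is not visible in this hunk. The body of make_read_only starts and ends outside the hunk.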
commit 002b226843e77630128da580225f9c3ef8474db2
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jul 3 16:27:53 2014 +0200
namespace: fix uninitialized memory access
diff --git a/src/core/namespace.c b/src/core/namespace.c
index d1513ce..1d0f740 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -69,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) {
STRV_FOREACH(i, strv) {
(*p)->ignore = false;
+ (*p)->done = false;
if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') {
(*p)->ignore = true;
@@ -375,7 +376,7 @@ int setup_namespace(
(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
if (n > 0) {
- m = mounts = (BindMount *) alloca(n * sizeof(BindMount));
+ m = mounts = (BindMount *) alloca0(n * sizeof(BindMount));
r = append_mounts(&m, read_write_dirs, READWRITE);
if (r < 0)
return r;
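Review bot: The `alloca0(n * sizeof(BindMount))` call sizes a stack allocation from `n`, which as far as this hunk shows is a sum of configured directory counts with no visible upper bound. A unit with a very large number of entries could exhaust the stack, and the zeroing added here now writes to the whole range at once. Consider a heap allocation such as `m = mounts = new0(BindMount, n);` with a NULL check returning `-ENOMEM` and a free on every exit path, or cap `n` before the call. The computation of `n` and the rest of setup_namespace lie outside the hunk, so a bound enforced there would make this moot.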