From a4cc165a9fdcc9d76a0ba58a2e9ccde605e5f40d Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Tue, 14 Apr 2020 15:46:03 +0100
Subject: [PATCH] jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle
---
 jail/jail.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/jail/jail.c b/jail/jail.c
index 87b671b..ca8b832 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -187,6 +187,7 @@ static int build_jail_fs(void)
 {
 char jail_root[] = "/tmp/ujail-XXXXXX";
 char tmpovdir[] = "/tmp/ujail-overlay-XXXXXX";
+ char tmpdevdir[] = "/tmp/ujail-XXXXXX/dev";
 char *overlaydir = NULL;
 if (mkdtemp(jail_root) == NULL) {
@@ -240,6 +241,11 @@ static int build_jail_fs(void)
 return -1;
 }
+ snprintf(tmpdevdir, sizeof(tmpdevdir), "%s/dev", jail_root);
+ mkdir_p(tmpdevdir, 0755);
+ if (mount(NULL, tmpdevdir, "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, "size=1M"))
+ return -1;
+
 if (mount_all(jail_root)) {
 ERROR("mount_all() failed\n");
 return -1;
--
2.25.1
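Review bot: `tmpdevdir` in the first hunk is sized by a placeholder literal, `"/tmp/ujail-XXXXXX/dev"`, which has to stay exactly as long as the `jail_root` template plus `/dev`, and nothing in the code ties the two together. If the `jail_root` template is ever lengthened, the `snprintf()` in the second hunk truncates the path silently, because its return value is not checked. Deriving the size, `char tmpdevdir[sizeof(jail_root) + sizeof("/dev") - 1];`, removes the coupling, and comparing the `snprintf()` result against `sizeof(tmpdevdir)` would turn a truncation into an error. build_jail_fs() continues beyond this hunk.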
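Review bot: The tmpfs mounted on `tmpdevdir` in the second hunk is given only `size=1M`, so its root directory takes the tmpfs default mode of 1777 and the 0755 passed to `mkdir_p()` is hidden under the mount. That leaves the jail's /dev writable by any unprivileged process inside it. Passing the mode explicitly avoids this: `"size=1M,mode=0755"`. The failure path also returns -1 without logging, unlike the `mount_all()` check directly below it, which calls `ERROR(...)`, and the result of `mkdir_p()` is ignored, so a failed directory creation only surfaces indirectly as a mount error. The start and end of build_jail_fs() are outside the hunk.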