diff options
Diffstat (limited to 'init/service_utils.cpp')
| -rw-r--r-- | init/service_utils.cpp | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/init/service_utils.cpp b/init/service_utils.cpp index 484c2c89f1..f2383d7a6e 100644 --- a/init/service_utils.cpp +++ b/init/service_utils.cpp @@ -60,13 +60,14 @@ Result<void> EnterNamespace(int nstype, const char* path) { Result<void> SetUpMountNamespace(bool remount_proc, bool remount_sys) { constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID; - // Recursively remount / as slave like zygote does so unmounting and mounting /proc - // doesn't interfere with the parent namespace's /proc mount. This will also - // prevent any other mounts/unmounts initiated by the service from interfering - // with the parent namespace but will still allow mount events from the parent + // Recursively remount / as MS_SLAVE like zygote does so that + // unmounting and mounting /proc doesn't interfere with the parent + // namespace's /proc mount. This will also prevent any other + // mounts/unmounts initiated by the service from interfering with the + // parent namespace but will still allow mount events from the parent // namespace to propagate to the child. if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) { - return ErrnoError() << "Could not remount(/) recursively as slave"; + return ErrnoError() << "Could not remount(/) recursively as MS_SLAVE"; } // umount() then mount() /proc and/or /sys @@ -194,7 +195,8 @@ Result<Descriptor> FileDescriptor::Create() const { return Descriptor(ANDROID_FILE_ENV_PREFIX + name, std::move(fd)); } -Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name, bool pre_apexd) { +Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name, + std::optional<MountNamespace> override_mount_namespace) { for (const auto& [nstype, path] : info.namespaces_to_enter) { if (auto result = EnterNamespace(nstype, path.c_str()); !result.ok()) { return result; @@ -202,9 +204,10 @@ Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name, } #if defined(__ANDROID__) - if (pre_apexd) { - if (!SwitchToBootstrapMountNamespaceIfNeeded()) { - return Error() << "could not enter into the bootstrap mount namespace"; + if (override_mount_namespace.has_value()) { + if (auto result = SwitchToMountNamespaceIfNeeded(override_mount_namespace.value()); + !result.ok()) { + return result; } } #endif |