gvisor

Commit Graph

Author	SHA1	Message	Date
Fabricio Voznika	c7877b0a14	Fail in case mount option is unknown PiperOrigin-RevId: 239425816 Change-Id: I3b1479c61b4222c3931a416c4efc909157044330	2019-03-20 10:36:20 -07:00
Fabricio Voznika	e420cc3e5d	Add support for mount propagation Properly handle propagation options for root and mounts. Now usage of mount options shared, rshared, and noexec cause error to start. shared/ rshared breaks sandbox=>host isolation. slave however can be supported because changes propagate from host to sandbox. Root FS setup moved inside the gofer. Apart from simplifying the code, it keeps all mounts inside the namespace. And they are torn down when the namespace is destroyed (DestroyFS is no longer needed). PiperOrigin-RevId: 239037661 Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0	2019-03-18 12:30:43 -07:00

Author

SHA1

Message

Date

Fabricio Voznika

c7877b0a14

Fail in case mount option is unknown

PiperOrigin-RevId: 239425816
Change-Id: I3b1479c61b4222c3931a416c4efc909157044330

2019-03-20 10:36:20 -07:00

Fabricio Voznika

e420cc3e5d

Add support for mount propagation

Properly handle propagation options for root and mounts. Now usage of
mount options shared, rshared, and noexec cause error to start. shared/
rshared breaks sandbox=>host isolation. slave however can be supported
because changes propagate from host to sandbox.

Root FS setup moved inside the gofer. Apart from simplifying the code,
it keeps all mounts inside the namespace. And they are torn down when
the namespace is destroyed (DestroyFS is no longer needed).

PiperOrigin-RevId: 239037661
Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0

2019-03-18 12:30:43 -07:00

2 Commits