diff options
| author | Andrei Vagin <avagin@google.com> | 2021-02-10 16:30:22 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-02-10 16:32:45 -0800 |
| commit | 97a36d1696982949722c6d6da1e5031d79e90b48 (patch) | |
| tree | 58bd2331cf34636e39dedb01d6230ff527d1e227 | |
| parent | 96d3b3188bb19669f09ccad99d243555eb00c3f7 (diff) | |
Don't allow to umount the namespace root mount
Linux does the same thing.
Reported-by: syzbot+6c79385c930c929d1d9e@syzkaller.appspotmail.com
PiperOrigin-RevId: 356854562
| -rw-r--r-- | pkg/sentry/vfs/mount.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/mount.go b/pkg/sentry/vfs/mount.go index d865fd603..7063066ff 100644 --- a/pkg/sentry/vfs/mount.go +++ b/pkg/sentry/vfs/mount.go @@ -309,6 +309,11 @@ func (vfs *VirtualFilesystem) UmountAt(ctx context.Context, creds *auth.Credenti vfs.mountMu.Unlock() return syserror.EINVAL } + + if vd.mount == vd.mount.ns.root { + vfs.mountMu.Unlock() + return syserror.EINVAL + } } // TODO(gvisor.dev/issue/1035): Linux special-cases umount of the caller's |