summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel/g3doc
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2019-03-18 12:29:43 -0700
committerShentubot <shentubot@google.com>2019-03-18 12:30:43 -0700
commite420cc3e5d2066674d32d16ad885bee6b30da210 (patch)
tree991b119af7c8816a539318560338b3e5f065a2f8 /pkg/sentry/kernel/g3doc
parenteb69542807a87491fd4e6405bdab1c0f64db536d (diff)
Add support for mount propagation
Properly handle propagation options for root and mounts. Now usage of mount options shared, rshared, and noexec cause error to start. shared/ rshared breaks sandbox=>host isolation. slave however can be supported because changes propagate from host to sandbox. Root FS setup moved inside the gofer. Apart from simplifying the code, it keeps all mounts inside the namespace. And they are torn down when the namespace is destroyed (DestroyFS is no longer needed). PiperOrigin-RevId: 239037661 Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0
Diffstat (limited to 'pkg/sentry/kernel/g3doc')
0 files changed, 0 insertions, 0 deletions