cli: add a new long option '--ns-mount', equivalent to '-v'.
This also enables having 'ns-mount' in the conf file.
This change helps to create a self-contained conf file for
mounts and bind-mounts. Our first target use of the conf file is
moving the '-b' and '-k' options in the cli to a file with 'bind-mount=...'
and 'mount=...'.
Bug: 216345755
Test: Make tests, inspected "man -l minijail0.1"
Change-Id: Ib4a599d4fe8e6506d268356471ec151eed9f7490
diff --git a/minijail0.1 b/minijail0.1
index 9258e3f..a53ec6f 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -257,7 +257,7 @@
\fB-U\fR
Enter a new user namespace (implies \fB-p\fR).
.TP
-\fB-v\fR
+\fB-v\fR, \fB--ns-mount\fR
Run inside a new VFS namespace. This option prevents mounts performed by the
program from affecting the rest of the system (but see \fB-K\fR).
.TP
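Review bot: the description under the changed entry still reads "Run inside a new VFS namespace", while the new long name is --ns-mount and the usage text in minijail0_cli.c says "Enter new mount namespace". Consider wording it as "new mount (VFS) namespace" so that someone searching the man page for the term behind the option name finds this entry. The commit message also says 'ns-mount' becomes valid in the conf file, but this entry documents only the command-line spelling; the conf-file form, and the fact that it takes no value, should be documented as well.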
diff --git a/minijail0_cli.c b/minijail0_cli.c
index 3b9b708..e366846 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -500,6 +500,7 @@
{"env-reset", no_argument, 0, OPT_ENV_RESET},
{"mount", required_argument, 0, 'k'},
{"bind-mount", required_argument, 0, 'b'},
+ {"ns-mount", no_argument, 0, 'v'},
{0, 0, 0, 0},
};
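Review bot: the new {"ns-mount", no_argument, 0, 'v'} entry gets no direct command-line coverage in this patch; the only thing exercising it is the bare ns-mount line added to test/valid.conf. Add a CliTest case that passes "--ns-mount" in argv and checks for the same result as "-v", so that a typo or a wrong short-option value in this table is caught independently of the conf parser.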
@@ -543,7 +544,8 @@
"Namespace options:\n"
" -N Enter a new cgroup namespace.\n"
" -l Enter new IPC namespace.\n"
-" -v Enter new mount namespace.\n"
+" -v, --ns-mount\n"
+" Enter new mount namespace.\n"
" -V <file> Enter specified mount namespace.\n"
" -e[file] Enter new network namespace, or existing |file| if provided.\n"
" -p Enter new pid namespace (implies -vr).\n"
diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc
index f280a8a..7b20ecd 100644
--- a/minijail0_cli_unittest.cc
+++ b/minijail0_cli_unittest.cc
@@ -598,7 +598,7 @@
}
TEST_F(CliTest, conf_parsing) {
- std::vector<std::string> argv = {"-v", "--config",
+ std::vector<std::string> argv = {"--config",
source_path("test/valid.conf"),
"/bin/sh"};
diff --git a/test/valid.conf b/test/valid.conf
index 4f75bb9..a574e6c 100644
--- a/test/valid.conf
+++ b/test/valid.conf
@@ -1,5 +1,8 @@
% minijail-config-file v0
# Comments
+# enable mount namespace
+ns-mount
+# mounts and bind-mounts
mount = none,/,none
bind-mount = /,/
mount-dev
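Review bot: ns-mount is written here as a bare key, matching no_argument in the option table, but nothing in the patch covers the case where a value is supplied. Because this file carries sandbox policy, a line such as "ns-mount = 0" (a constructed example) should fail parsing rather than be accepted with an ambiguous meaning; add an invalid-conf test for it. The conf_parsing test also drops "-v" from argv and now relies on this line alone, so it should assert that the mount namespace was actually requested after parsing.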