Properly isolate mount namespace
This commit is contained in:
parent
d1dfda405f
commit
9f8d4e1022
@ -10,6 +10,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/mount.h>
|
||||
|
||||
#include <magisk.h>
|
||||
#include <daemon.h>
|
||||
@ -308,14 +309,13 @@ void su_daemon_handler(int client, struct ucred *credential) {
|
||||
break;
|
||||
case NAMESPACE_MODE_REQUESTER:
|
||||
LOGD("su: use namespace of pid=[%d]\n", ctx.pid);
|
||||
if (switch_mnt_ns(ctx.pid)) {
|
||||
LOGD("su: setns failed, fallback to isolated\n");
|
||||
xunshare(CLONE_NEWNS);
|
||||
}
|
||||
if (switch_mnt_ns(ctx.pid))
|
||||
LOGD("su: setns failed, fallback to global\n");
|
||||
break;
|
||||
case NAMESPACE_MODE_ISOLATE:
|
||||
LOGD("su: use new isolated namespace\n");
|
||||
xunshare(CLONE_NEWNS);
|
||||
xmount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr);
|
||||
break;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user