mkbox

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README
commit 0f6781f4f5d8125422493f8393daa0d6b959b41d
parent 21b9d712095829cc2ae4385f423fdd833ff42260
Author: Brian Swetland <swetland@frotz.net>
Date:   Sun, 27 Apr 2014 15:28:31 -0700

add a note

Diffstat:

Mmkbox.c | 3+++


1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/mkbox.c b/mkbox.c
@@ -77,6 +77,9 @@ int main(int argc, char **argv) {
 	ok(unshare, CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|
 		CLONE_NEWIPC|CLONE_NEWUSER);
 
+	/* ensure that changes to our mount namespace do not "leak" to
+	 * outside namespaces (what mount --make-rprivate / does)
+	 */
 	mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL);
 
 	/* mount the sandbox on top of itself in our new namespace */