am d2f9bf3a: Merge "Keep /mnt/secure private to default namespace." into jb-mr1-dev

* commit 'd2f9bf3addaa586c0dbc303508caf02c66dc03b9': Keep /mnt/secure private to default namespace.
2012-09-06 14:53:14 -07:00 · 2012-09-06 14:53:14 -07:00 · 7617b28fd3
parent 2121219cfd d2f9bf3add
commit 7617b28fd3
1 changed files with 3 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -63,6 +63,8 @@ loglevel 3

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root
+    # Create private mountpoint so we can MS_MOVE from staging
+    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root
@ -135,6 +137,7 @@ on post-fs
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec
+    mount tmpfs tmpfs /mnt/secure private rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache