Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-19 08:40:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow Linux jails to see their mount points

Browse Source 
Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running
   `mountpoint /proc`
While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory.

Fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible.
This commit is contained in:
Chuck Tuffli
2022-03-04 08:16:33 -08:00
committed by GitHub
parent ff7de9167a
commit abc8a6b280
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
usr/local/share/bastille/create.sh
View File

@@ -170,6 +170,7 @@ ${NAME} {
mount.fstab = ${bastille_jail_fstab}; mount.fstab = ${bastille_jail_fstab};
path = ${bastille_jail_path}; path = ${bastille_jail_path};
devfs_ruleset = 4; devfs_ruleset = 4;
enforce_statfs = 1;
exec.start = '/bin/true'; exec.start = '/bin/true';
exec.stop = '/bin/true'; exec.stop = '/bin/true';