more silencing of /sys umount warnings

author: smitsohu <smitsohu@gmail.com> 2018-08-29 19:36:22 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-08-29 19:36:22 +0200
commit: 8980a5c96a857cc18811d5d7b516dea4138a06d0 (patch)
tree: 41f5990ac2e90d0600ec9963775324072c8a5dcd
parent: cleanup (diff)
download: firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.tar.gz
firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.tar.zst
firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 08b268d93..825f004cc 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -555,6 +555,7 @@ void fs_mnt(void) {
 // mount /proc and /sys directories
 void fs_proc_sys_dev_boot(void) {
        if (arg_debug)
                printf("Remounting /proc and /proc/sys filesystems\n");
        if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_REC, NULL) < 0)
@@ -571,9 +572,9 @@ void fs_proc_sys_dev_boot(void) {
        /* Mount a version of /sys that describes the network namespace */
        if (arg_debug)
                printf("Remounting /sys directory\n");
-        // if this is an overlay, just mount a new /sys on top of the upper layer
+        // if this is an overlay, don't try to unmount, just mount a new sysfs
        if (!arg_overlay) {
-                if (umount2("/sys", MNT_DETACH) < 0)
+                if (umount2("/sys", MNT_DETACH) < 0 && !cfg.chrootdir)
                        fwarning("failed to unmount /sys\n");
        }
        if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
author	smitsohu <smitsohu@gmail.com>	2018-08-29 19:36:22 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-08-29 19:36:22 +0200
commit	8980a5c96a857cc18811d5d7b516dea4138a06d0 (patch)
tree	41f5990ac2e90d0600ec9963775324072c8a5dcd
parent	cleanup (diff)
download	firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.tar.gz firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.tar.zst firejail-8980a5c96a857cc18811d5d7b516dea4138a06d0.zip

diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 08b268d93..825f004cc 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -555,6 +555,7 @@ void fs_mnt(void) {
555		555
556	// mount /proc and /sys directories	556	// mount /proc and /sys directories
557	void fs_proc_sys_dev_boot(void) {	557	void fs_proc_sys_dev_boot(void) {
		558
558	if (arg_debug)	559	if (arg_debug)
559	printf("Remounting /proc and /proc/sys filesystems\n");	560	printf("Remounting /proc and /proc/sys filesystems\n");
560	if (mount("proc", "/proc", "proc", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_REC, NULL) < 0)	561	if (mount("proc", "/proc", "proc", MS_NOSUID \| MS_NOEXEC \| MS_NODEV \| MS_REC, NULL) < 0)
@@ -571,9 +572,9 @@ void fs_proc_sys_dev_boot(void) {
571	/* Mount a version of /sys that describes the network namespace */	572	/* Mount a version of /sys that describes the network namespace */
572	if (arg_debug)	573	if (arg_debug)
573	printf("Remounting /sys directory\n");	574	printf("Remounting /sys directory\n");
574	// if this is an overlay, just mount a new /sys on top of the upper layer	575	// if this is an overlay, don't try to unmount, just mount a new sysfs
575	if (!arg_overlay) {	576	if (!arg_overlay) {
576	if (umount2("/sys", MNT_DETACH) < 0)	577	if (umount2("/sys", MNT_DETACH) < 0 && !cfg.chrootdir)
577	fwarning("failed to unmount /sys\n");	578	fwarning("failed to unmount /sys\n");
578	}	579	}
579	if (mount("sysfs", "/sys", "sysfs", MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REC, NULL) < 0)	580	if (mount("sysfs", "/sys", "sysfs", MS_RDONLY\|MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_REC, NULL) < 0)