From e138ebaa33b1c2c28734f32d542d674bff129c7c Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sat, 4 Feb 2017 15:55:05 -0500
Subject: --git-install

---
 src/firejail/git.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/firejail/git.c b/src/firejail/git.c
index bacceba59..aaae44de7 100644
--- a/src/firejail/git.c
+++ b/src/firejail/git.c
@@ -22,14 +22,21 @@
 #include <sched.h>
 #include <sys/mount.h>
 
-// install a simple mount/pid namespace sandbox with a tmpfs on top of /tmp
+// install a very simple mount namespace sandbox with a tmpfs on top of /tmp
 static void sbox_ns(void) {
-	if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0)
+	if (unshare(CLONE_NEWNS) < 0)
 		errExit("unshare");
 
+	// mount events are not forwarded between the host the sandbox
+	if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
+		errExit("mount");
+	}
+
+	// moount a tmpfs on top of /tmp
 	if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
 		errExit("mount");
 }
+		
 
 void git_install() {
 	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
-- 
cgit v1.2.3-70-g09d2