Diffstat (limited to 'nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c')
-rw-r--r--nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c b/nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
index a438b80e1829..27e70e3fe5c4 100644
--- a/nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
+++ b/nixpkgs/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@@ -43,7 +43,6 @@ const gchar *create_tmpdir() {
 void pivot_host(const gchar *guest) {
   g_autofree gchar *point = g_build_filename(guest, "host", NULL);
   fail_if(g_mkdir(point, 0755));
-  fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
   fail_if(pivot_root(guest, point));
 }
 
@@ -122,6 +121,9 @@ int main(gint argc, gchar **argv) {
       fail("unshare", unshare_errno);
     }
 
+    // hide all mounts we do from the parent
+    fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
+
     if (uid != 0) {
       spit("/proc/self/setgroups", "deny");
       spit("/proc/self/uid_map", "%d %d 1", uid, uid);
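Review bot: The new comment on the added `mount(0, "/", 0, MS_PRIVATE | MS_REC, 0)` call states the intent but not the ordering constraint this move creates. The call has to stay after the `unshare` above and, presumably, before any mounts set up later in main. `pivot_host` (first hunk) now depends on it implicitly, since pivot_root(2) fails with EINVAL when the relevant parent mounts have shared propagation. I would word the comment along the lines of `// make all mounts private (recursively) right after unshare so nothing we mount propagates to the host namespace; pivot_host() relies on this`. As a style point, the pointer arguments read better as `NULL` than `0`. The unshare flags and the rest of main are outside the hunk, so the new-mount-namespace assumption should be confirmed there.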