diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2020-01-12 21:03:42 +0300 |
|---|---|---|
| committer | Andreas Kling <awesomekling@gmail.com> | 2020-01-12 20:02:11 +0100 |
| commit | dd54d13d8d3bbc1f07b15e4ae89809bdb376632c (patch) | |
| tree | af4f8c3488210ba0849f397fba7a049998daa757 /Kernel/Process.h | |
| parent | fee6d0a3a6ad4e43a27460ca466617d1adb7f045 (diff) | |
| download | serenity-dd54d13d8d3bbc1f07b15e4ae89809bdb376632c.zip | |
Kernel+LibC: Allow passing mount flags to chroot()
Since a chroot is in many ways similar to a separate root mount, we can also
apply mount flags to it as if it was an actual mount. These flags will apply
whenever the chrooted process accesses its root directory, but not when other
processes access this same directory for the outside. Since it's common to
chdir("/") immediately after chrooting (so that files accessed through the
current directory inherit the same mount flags), this effectively allows one to
apply additional limitations to a process confined inside a chroot.
To this effect, sys$chroot() gains a mount_flags argument (exposed as
chroot_with_mount_flags() in userspace) which can be set to all the same values
as the flags argument for sys$mount(), and additionally to -1 to keep the flags
set for that file system. Note that passing 0 as mount_flags will unset any
flags that may have been set for the file system, not keep them.
Diffstat (limited to 'Kernel/Process.h')
| -rw-r--r-- | Kernel/Process.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Kernel/Process.h b/Kernel/Process.h index 5eb0c61b27..5921e30703 100644 --- a/Kernel/Process.h +++ b/Kernel/Process.h @@ -254,7 +254,7 @@ public: int sys$futex(const Syscall::SC_futex_params*); int sys$set_thread_boost(int tid, int amount); int sys$set_process_boost(pid_t, int amount); - int sys$chroot(const char* path, size_t path_length); + int sys$chroot(const char* path, size_t path_length, int mount_flags); int sys$pledge(const Syscall::SC_pledge_params*); static void initialize(); |