Skip new mount namespace on -k. am: 0a0514ca8e am: 4a9d2901eb Change-Id: I27f993bd649844dc2640c33022fd22b009acbbad

commit: ab8688bfc6c913bccef6a5c5781b6f5c7b78e6a6 [log] [tgz]
author: Automerger Merge Worker <[email protected]> Wed Feb 05 23:48:07 2020 +0000
committer: Automerger Merge Worker <[email protected]> Wed Feb 05 23:48:07 2020 +0000
tree: 83dbdcfc902311186d21ee3800be919aba08c482
parent: 8ebeec28530d101abc1013915c9ad0d80764b0a3 [diff]
parent: 4a9d2901ebb203adc607e0ccac537718e317da30 [diff]
diff --git a/libminijail.c b/libminijail.c
index 8531c76..d9e8e3c 100644
--- a/libminijail.c
+++ b/libminijail.c

@@ -832,10 +832,14 @@
 	m->flags = flags;
 
 	/*
-	 * Force vfs namespacing so the mounts don't leak out into the
-	 * containing vfs namespace.
+	 * Unless asked to enter an existing namespace, force vfs namespacing
+	 * so the mounts don't leak out into the containing vfs namespace.
+	 * If Minijail is being asked to enter the root vfs namespace this will
+	 * leak mounts, but it's unlikely that the user would ask to do that by
+	 * mistake.
 	 */
-	minijail_namespace_vfs(j);
+	if (!j->flags.enter_vfs)
+		minijail_namespace_vfs(j);
 
 	if (j->mounts_tail)
 		j->mounts_tail->next = m;
commit	ab8688bfc6c913bccef6a5c5781b6f5c7b78e6a6	[log] [tgz]
author	Automerger Merge Worker <[email protected]>	Wed Feb 05 23:48:07 2020 +0000
committer	Automerger Merge Worker <[email protected]>	Wed Feb 05 23:48:07 2020 +0000
tree	83dbdcfc902311186d21ee3800be919aba08c482
parent	8ebeec28530d101abc1013915c9ad0d80764b0a3 [diff]
parent	4a9d2901ebb203adc607e0ccac537718e317da30 [diff]