From 055de38fcf1159c7b3ce3e05b8ec0fcf07f635dc Mon Sep 17 00:00:00 2001
From: Chirantan Ekbote
Date: Fri, 24 Jan 2020 12:16:58 +0900
Subject: Allow mounts to propagate into 9p device jail

Allow mounts from the parent namespace to propagate into the mount namespace of the 9p device process.

BUG=none
TEST=none

Change-Id: Iff455c8967949bd3e0f2990c947d45bbbc541d45
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2018305
Reviewed-by: Yusuke Sato
Reviewed-by: Stephen Barber
Tested-by: Yusuke Sato
Tested-by: kokoro
Tested-by: Chirantan Ekbote
Commit-Queue: Chirantan Ekbote
---
 io_jail/src/lib.rs         | 5 ++++-
 io_jail/src/libminijail.rs | 2 +-
 src/linux.rs               | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index dce8e61..16212c6 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -14,7 +14,7 @@ use std::ffi::CString;
 use std::fmt::{self, Display};
 use std::fs;
 use std::io;
-use std::os::raw::c_ushort;
+use std::os::raw::{c_ulong, c_ushort};
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::path::{Path, PathBuf};
 use std::ptr::{null, null_mut};
@@ -398,6 +398,9 @@ impl Minijail {
             libminijail::minijail_remount_proc_readonly(self.jail);
         }
     }
+    pub fn set_remount_mode(&mut self, mode: c_ulong) {
+        unsafe { libminijail::minijail_remount_mode(self.jail, mode) }
+    }
     pub fn uidmap(&mut self, uid_map: &str) -> Result<()> {
         let map_cstring =
             CString::new(uid_map).map_err(|_| Error::StrToCString(uid_map.to_owned()))?;
diff --git a/io_jail/src/libminijail.rs b/io_jail/src/libminijail.rs
index 737474b..595bcc0 100644
--- a/io_jail/src/libminijail.rs
+++ b/io_jail/src/libminijail.rs
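Review bot: `set_remount_mode` is the one public knob that relaxes the jail's mount-namespace isolation, yet it lands in the second lib.rs hunk with no doc comment and a one-line `unsafe { ... }` carrying no `// SAFETY:` note, unlike the multi-line `unsafe` form of the neighbouring `remount_proc_readonly`. A `///` comment should say that `mode` is handed straight to `minijail_remount_mode` as the propagation flags applied when the jail remounts its root (e.g. `libc::MS_SLAVE`, or `libc::MS_PRIVATE` for the default private remount that `minijail_skip_remount_private` implies), and that any mode permitting propagation lets mounts made later in the parent namespace become visible inside the jail, so callers should relax it only for processes that need that. Inside the body, `// SAFETY: self.jail is the live minijail handle owned by this struct` states the invariant the FFI call relies on. `uidmap` continues past the end of the hunk.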
@@ -38,7 +38,7 @@ extern "C" {
     pub fn minijail_new_session_keyring(j: *mut minijail);
     pub fn minijail_skip_setting_securebits(j: *mut minijail, securebits_skip_mask: u64);
     pub fn minijail_skip_remount_private(j: *mut minijail);
-    pub fn minijail_remount_mode(j: *mut minijail, mode: c_long);
+    pub fn minijail_remount_mode(j: *mut minijail, mode: c_ulong);
     pub fn minijail_namespace_ipc(j: *mut minijail);
     pub fn minijail_namespace_uts(j: *mut minijail);
     pub fn minijail_namespace_set_hostname(j: *mut minijail, name: *const c_char) -> c_int;
diff --git a/src/linux.rs b/src/linux.rs
index a26e7bb..84edf5c 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -825,6 +825,10 @@ fn create_9p_device(cfg: &Config, src: &Path, tag: &str) -> DeviceResult {
     let root = Path::new("/");
     jail.mount_bind(src, root, true)?;
 
+    // We want bind mounts from the parent namespaces to propagate into the 9p server's
+    // namespace.
+    jail.set_remount_mode(libc::MS_SLAVE);
+
     add_crosvm_user_to_jail(&mut jail, "p9")?;
     (Some(jail), root)
 }
-- 
cgit 1.4.1
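Review bot: The comment added in the src/linux.rs hunk states the intent but not why `MS_SLAVE` is the right propagation mode or what it costs, which is the security-relevant part of the change: `MS_SLAVE` makes propagation one-way, so mounts made in the parent namespace appear inside the 9p server's namespace while nothing the jailed process mounts can propagate back out, whereas `MS_SHARED` would allow both directions. It also widens what the jailed p9 server can observe compared with the private remount the other device jails presumably keep, so that trade-off belongs in the comment, e.g. `// MS_SLAVE (not MS_SHARED) keeps propagation one-way: mounts made in the parent` / `// namespace become visible here, but nothing mounted inside the jail leaks back out.` plus a line noting that this deliberately weakens the 9p jail's mount isolation. `create_9p_device` starts before the hunk.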