nsjail: Always remount /tmp before src/out/dist
A user was trying to use OUT_DIR=/tmp/...-out DIST_DIR=/tmp/...-dist Test: OUT_DIR=/tmp/test-out DIST_DIR=/tmp/test-dist m nothing Change-Id: I811cc8e1bda8d766406603df47309a8637cef48c
This commit is contained in:
parent
ef720013ef
commit
1612e2641e
1 changed files with 3 additions and 3 deletions
|
@ -181,15 +181,15 @@ func (c *Cmd) wrapSandbox() {
|
||||||
// For now, just map everything. Make most things readonly.
|
// For now, just map everything. Make most things readonly.
|
||||||
"-R", "/",
|
"-R", "/",
|
||||||
|
|
||||||
|
// Mount a writable tmp dir
|
||||||
|
"-B", "/tmp",
|
||||||
|
|
||||||
// Mount source are read-write
|
// Mount source are read-write
|
||||||
"-B", sandboxConfig.srcDir,
|
"-B", sandboxConfig.srcDir,
|
||||||
|
|
||||||
//Mount out dir as read-write
|
//Mount out dir as read-write
|
||||||
"-B", sandboxConfig.outDir,
|
"-B", sandboxConfig.outDir,
|
||||||
|
|
||||||
// Mount a writable tmp dir
|
|
||||||
"-B", "/tmp",
|
|
||||||
|
|
||||||
// Disable newcgroup for now, since it may require newer kernels
|
// Disable newcgroup for now, since it may require newer kernels
|
||||||
// TODO: try out cgroups
|
// TODO: try out cgroups
|
||||||
"--disable_clone_newcgroup",
|
"--disable_clone_newcgroup",
|
||||||
|
|
Loading…
Reference in a new issue