this repo has no description
Use CLONE_NEWIPC and mount a new /dev/shm for every container
+9
-2
+9
-2
src/startup/darling.c
+9
-2
src/startup/darling.c
···
672
672
exit(1);
673
673
}
674
674
675
-
if (unshare(CLONE_NEWPID | CLONE_NEWUTS) != 0)
675
+
if (unshare(CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWIPC) != 0)
676
676
{
677
-
fprintf(stderr, "Cannot unshare PID and UTS namespaces to create darling-init: %s\n", strerror(errno));
677
+
fprintf(stderr, "Cannot unshare PID, UTS and IPC namespaces to create darling-init: %s\n", strerror(errno));
678
678
exit(1);
679
679
}
680
680
···
709
709
if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) != 0)
710
710
{
711
711
fprintf(stderr, "Cannot remount / as slave: %s\n", strerror(errno));
712
+
exit(1);
713
+
}
714
+
715
+
umount("/dev/shm");
716
+
if (mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV, NULL) != 0)
717
+
{
718
+
fprintf(stderr, "Cannot mount new /dev/shm: %s\n", strerror(errno));
712
719
exit(1);
713
720
}
714
721