diff options
Diffstat (limited to 'internal/namespace/launcher_src/launcher.c')
| -rw-r--r-- | internal/namespace/launcher_src/launcher.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/internal/namespace/launcher_src/launcher.c b/internal/namespace/launcher_src/launcher.c index 4311430..e108da6 100644 --- a/internal/namespace/launcher_src/launcher.c +++ b/internal/namespace/launcher_src/launcher.c @@ -17,9 +17,11 @@ int main(int argc, char **argv) { uid_t current_uid = getuid(); gid_t current_gid = getgid(); - // 2. Combined Unshare for User and Network namespaces - if (unshare(CLONE_NEWUSER | CLONE_NEWNET) == -1) { - perror("unshare(CLONE_NEWUSER | CLONE_NEWNET)"); + // 2. Combined Unshare for User, Mount, and Network namespaces + // We unshare Mount namespace (CLONE_NEWNS) to allow private /etc/resolv.conf setup + // without contaminating the host filesystem. + if (unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET) == -1) { + perror("unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET)"); return 1; } |