mirror of
https://github.com/projectatomic/bubblewrap.git
synced 2026-02-05 15:45:22 +01:00
a253257cd2
This is useful for example if you for some reason don't have the real path. It is also a way to make bind-mounts race-free (i.e. to have the mount actually be the thing you wanted to be mounted, avoiding issues where some other process replaces the target in parallel with the bwrap launch. Unfortunately due to some technical details we can't actually directly mount the dirfd, as they come from different user namespace which is not permitted, but at least we can delay resolving the fd to a path as much as possible, and then validate after mount that we actually mounted the right thing. Signed-off-by: Alexander Larsson <alexl@redhat.com>