PVF: fix detection of unshare-and-change-root security capability (#2304)

2026-06-13 17:31:05 +00:00 · 2023-11-14 15:03:19 +01:00
parent 39cc95740a
commit 7cfc233cdc
8 changed files with 32 additions and 10 deletions
@@ -92,13 +92,13 @@ macro_rules! decl_worker_main {
 					std::process::exit(status)
 				},
 				"--check-can-unshare-user-namespace-and-change-root" => {
+					#[cfg(target_os = "linux")]
+					let cache_path_tempdir = std::path::Path::new(&args[2]);
 					#[cfg(target_os = "linux")]
 					let status = if let Err(err) = security::unshare_user_namespace_and_change_root(
 						$crate::worker::WorkerKind::CheckPivotRoot,
 						worker_pid,
-						// We're not accessing any files, so we can try to pivot_root in the temp
-						// dir without conflicts with other processes.
-						&std::env::temp_dir(),
+						&cache_path_tempdir,
 					) {
 						// Write the error to stderr, log it on the host-side.
 						eprintln!("{}", err);