Allow for inaccessible mount points

When scanning all current mount points, we must be able to skip mountpoints that we cannot access, such as if `docker` is running and has internal mounts that are not visible to our current user.
staticfloat · Aug 1, 2022 · 609658b · 609658b
1 parent 165e5cc
commit 609658b
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/deps/userns_sandbox.c b/deps/userns_sandbox.c
@@ -374,11 +374,20 @@ static void bind_mount(const char *src, const char *dest, char read_only) {
     check(mtab != NULL);
     while (mnt = getmntent(mtab)) {
         struct stat dev_stat;
-        check(0 == stat(mnt->mnt_dir, &dev_stat));
-        if (dev_stat.st_dev == src_stat.st_dev)
+        // It's possible that we try to stat() something that we're
+        // not allowed to look at; if that occurs, skip it, hoping
+        // that it's not the mount we're actually interested in.
+        if (stat(mnt->mnt_dir, &dev_stat) == 0 &&
+            dev_stat.st_dev == src_stat.st_dev)
             break;
+
+        // Don't let a non-matching `mnt` leak through, in the event
+        // that we never find the device the mount belongs to.
+        mnt = NULL;
     }
     endmntent(mtab);
+
+    // This will fail if we never found the matching `mnt`.
     check(mnt != NULL);
 
     int locked_flags = 0;