Keep /mnt/secure private to default namespace. When vold mounts things in /mnt/secure/staging, it expects to MS_MOVE those mountpoints when vetting is finished. However, the kernel doesn't allow MS_MOVE when the source is shared to child namespaces. To work around this, create a tmpfs at /mnt/secure and mark it as private (not shared). Verified that vold can now successfully move from the staging area. Bug: 7094858 Change-Id: I5e05b1005c63efa277935c9bbd18cbf3ffdd47a3

commit: 58d3980f314d08f86347ba83db85c2d4c6066599 [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Thu Sep 06 14:15:46 2012 -0700
committer: Jeff Sharkey <jsharkey@android.com> Thu Sep 06 14:15:46 2012 -0700
tree: dec94572b252087c571369cbf2d472097fa6f25e
parent: d6d4286a28b4a9aef902585625ea6656ab06cf52 [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index fc678f0..3d57211 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -63,6 +63,8 @@
 
     # Directory for putting things only root should see.
     mkdir /mnt/secure 0700 root root
+    # Create private mountpoint so we can MS_MOVE from staging
+    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
 
     # Directory for staging bindmounts
     mkdir /mnt/secure/staging 0700 root root
@@ -135,6 +137,7 @@
     mount rootfs rootfs / ro remount
     # mount shared so changes propagate into child namespaces
     mount rootfs rootfs / shared rec
+    mount tmpfs tmpfs /mnt/secure private rec
 
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache
commit	58d3980f314d08f86347ba83db85c2d4c6066599	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Thu Sep 06 14:15:46 2012 -0700
committer	Jeff Sharkey <jsharkey@android.com>	Thu Sep 06 14:15:46 2012 -0700
tree	dec94572b252087c571369cbf2d472097fa6f25e
parent	d6d4286a28b4a9aef902585625ea6656ab06cf52 [diff] [blame]