Commit aebec0b4 authored by thomasanderson, committed by Commit bot

Linux sandbox: handle ENOSPC clone failure

Linux 4.9 adds /proc/sys/user/max_user_namespaces to limit the number
of concurrent user namespaces.  Sometimes the limit is set to 0 in
which case clone() will return ENOSPC.  This CL avoids PCHECK()ing in
that case.

BUG=715138
R=mdempsky@chromium.org

Review-Url: https://codereview.chromium.org/2842033002
Cr-Commit-Position: refs/heads/master@{#467271}
parent 3cba6ce1
......@@ -132,9 +132,10 @@ bool ChrootToSafeEmptyDir() {
void CheckCloneNewUserErrno(int error) {
// EPERM can happen if already in a chroot. EUSERS if too many nested
// namespaces are used. EINVAL for kernels that don't support the feature.
// Valgrind will ENOSYS unshare().
// Valgrind will ENOSYS unshare(). ENOSPC can occur when the system has
// reached its maximum configured number of user namespaces.
PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
error == ENOSYS);
error == ENOSYS || error == ENOSPC);
}
// Converts a Capability to the corresponding Linux CAP_XXX value.
......
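Review bot: The new comment in CheckCloneNewUserErrno() explains ENOSPC only as the system having "reached its maximum configured number of user namespaces" and does not name the setting involved. The commit message identifies it as /proc/sys/user/max_user_namespaces (Linux 4.9 and later) and notes that the limit is sometimes 0, in which case clone() returns ENOSPC. Consider putting the sysctl path and the zero case in the comment so that someone debugging an unavailable namespace sandbox can find the cause from the code alone.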