am d2f9bf3a: Merge "Keep /mnt/secure private to default namespace." into jb-mr1-dev * commit 'd2f9bf3addaa586c0dbc303508caf02c66dc03b9': Keep /mnt/secure private to default namespace.

commit: 7617b28fd3549b5e9c1e6980088ff09fa9a02053 [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Thu Sep 06 14:53:14 2012 -0700
committer: Android Git Automerger <android-git-automerger@android.com> Thu Sep 06 14:53:14 2012 -0700
tree: 11a317fa2b088b5c32dc928e9bf23afaa0639e1d
parent: 2121219cfd5cc288d6ad1f42d5d37d62e476c7b0 [diff]
parent: d2f9bf3addaa586c0dbc303508caf02c66dc03b9 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index fc678f0..3d57211 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -63,6 +63,8 @@
 
     # Directory for putting things only root should see.
     mkdir /mnt/secure 0700 root root
+    # Create private mountpoint so we can MS_MOVE from staging
+    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
 
     # Directory for staging bindmounts
     mkdir /mnt/secure/staging 0700 root root
@@ -135,6 +137,7 @@
     mount rootfs rootfs / ro remount
     # mount shared so changes propagate into child namespaces
     mount rootfs rootfs / shared rec
+    mount tmpfs tmpfs /mnt/secure private rec
 
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache
commit	7617b28fd3549b5e9c1e6980088ff09fa9a02053	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Thu Sep 06 14:53:14 2012 -0700
committer	Android Git Automerger <android-git-automerger@android.com>	Thu Sep 06 14:53:14 2012 -0700
tree	11a317fa2b088b5c32dc928e9bf23afaa0639e1d
parent	2121219cfd5cc288d6ad1f42d5d37d62e476c7b0 [diff]
parent	d2f9bf3addaa586c0dbc303508caf02c66dc03b9 [diff]