From 91ca331474b6b7859a85678d8a4dd4b876345ddd Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 25 Jan 2018 11:36:37 -0500 Subject: [PATCH] chroot when no mount namespaces is provided Signed-off-by: Michael Crosby --- libcontainer/rootfs_linux.go | 8 +++++++- libcontainer/standard_init_linux.go | 9 ++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index eb9e0253..73ee2bd6 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -100,8 +100,10 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) { if config.NoPivotRoot { err = msMoveRoot(config.Rootfs) - } else { + } else if config.Namespaces.Contains(configs.NEWNS) { err = pivotRoot(config.Rootfs) + } else { + err = chroot(config.Rootfs) } if err != nil { return newSystemErrorWithCause(err, "jailing process inside rootfs") @@ -702,6 +704,10 @@ func msMoveRoot(rootfs string) error { if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil { return err } + return chroot(rootfs) +} + +func chroot(rootfs string) error { if err := unix.Chroot("."); err != nil { return err } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 8a544ed5..02ea753e 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -65,14 +65,9 @@ func (l *linuxStandardInit) Init() error { } label.Init() - - // prepareRootfs() can be executed only for a new mount namespace. - if l.config.Config.Namespaces.Contains(configs.NEWNS) { - if err := prepareRootfs(l.pipe, l.config); err != nil { - return err - } + if err := prepareRootfs(l.pipe, l.config); err != nil { + return err } - // Set up the console. This has to be done *before* we finalize the rootfs, // but *after* we've given the user the chance to set up all of the mounts // they wanted.