Make pivotDir rprivate
pivotDir is the one where pivot_root() call puts the old root. We will unmount pivotDir() and delete it. Previously we were making / always rslave or rprivate. That will mean that pivotDir() could never have mounts which would be shared with parent mount namespace. That also means that unmounting pivotDir() was safe and none of the unmount will propagate to parent namespace and unmount things which we did not want to. But now user can specify that apply private, shared, slave on /. That means some of the mounts we inherited from parent could be shared and that also means if we umount pivotDir/, those mounts will get unmounted in parent too. That's not what we want. Instead make pivotDir rprivate so that unmounts don't propagate back to parent. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
parent
23ec72a426
commit
da8d776c08
|
@ -545,6 +545,13 @@ func pivotRoot(rootfs, pivotBaseDir string) error {
|
||||||
}
|
}
|
||||||
// path to pivot dir now changed, update
|
// path to pivot dir now changed, update
|
||||||
pivotDir = filepath.Join(pivotBaseDir, filepath.Base(pivotDir))
|
pivotDir = filepath.Join(pivotBaseDir, filepath.Base(pivotDir))
|
||||||
|
|
||||||
|
// Make pivotDir rprivate to make sure any of the unmounts don't
|
||||||
|
// propagate to parent.
|
||||||
|
if err := syscall.Mount("", pivotDir, "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
|
if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
|
||||||
return fmt.Errorf("unmount pivot_root dir %s", err)
|
return fmt.Errorf("unmount pivot_root dir %s", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue