runc/libcontainer/specconv
Aleksa Sarai d4f0f9a52b
specconv: emit an error when using MS_PRIVATE with --no-pivot
Due to the semantics of chroot(2) when it comes to mount namespaces, it
is not generally safe to use MS_PRIVATE as a mount propagation when using
chroot(2). The reason for this is that this effectively results in a set
of mount references being held by the chroot'd namespace which the
namespace cannot free. pivot_root(2) does not have this issue because
the @old_root can be unmounted by the process.

Ultimately, --no-pivot is not really necessary anymore as a commonly
used option since f8e6b5af5e ("rootfs: make pivot_root not use a
temporary directory") resolved the read-only issue. But if someone
really needs to use it, MS_PRIVATE is never a good idea.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-10-08 17:50:55 +11:00
example.go Delete unused function 2017-09-08 10:35:46 +08:00
spec_linux.go specconv: emit an error when using MS_PRIVATE with --no-pivot 2017-10-08 17:50:55 +11:00
spec_linux_test.go rootless: add autogenerated rootless config from `runc spec` 2017-03-23 20:46:21 +11:00