mirror of https://github.com/mkerrisk/man-pages
pivot_root.2: Tweak pivot_root(".", ".") example
Quoting Eric Biederman:

The concern from our conversation at the container mini-summit was that there is a pathology if in your initial mount namespace all of the mounts are marked MS_SHARED like systemd does (and is almost necessary if you are going to use mount propagation), that if new_root itself is MS_SHARED then unmounting the old_root could propagate.

So I believe the desired sequence is:

>>> chdir(new_root);
+++ mount("", ".", MS_SLAVE | MS_REC, NULL);
>>> pivot_root(".", ".");
>>> umount2(".", MNT_DETACH);

The change to new new_root could be either MS_SLAVE or MS_PRIVATE. So long as it is not MS_SHARED the mount won't propagate back to the parent mount namespace.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
57bab66a92
commit
f646ac88ef
|
@ -220,6 +220,8 @@ without needing to create and remove a temporary directory:
|
|||
.in +4n
|
||||
.EX
|
||||
chdir(new_root);
|
||||
mount("", ".", MS_SLAVE | MS_REC, NULL);
|
||||
/* Or: MS_PRIVATE | MS_REC */
|
||||
pivot_root(".", ".");
|
||||
umount2(".", MNT_DETACH);
|
||||
.EE
|
||||
|
|
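Review bot: the added mount() call in the example passes four arguments, but mount(2) takes five (source, target, filesystemtype, mountflags, data), so as written MS_SLAVE | MS_REC sits in the filesystemtype position and the line will not compile against <sys/mount.h>. Suggest mount("", ".", "", MS_SLAVE | MS_REC, NULL); or NULL for the source and filesystemtype arguments, which are ignored for a propagation-type change. The example would also benefit from a sentence next to it saying why the step is there: per the commit message, it keeps the umount2(".", MNT_DETACH) of the old root from propagating to the parent mount namespace when new_root is MS_SHARED, and the comment /* Or: MS_PRIVATE | MS_REC */ alone does not convey that.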