pivot_root.2: Tweak pivot_root(".", ".") example

Quoting Eric Biederman:

    The concern from our conversation at the container
    mini-summit was that there is a pathology if in your initial
    mount namespace all of the mounts are marked MS_SHARED like
    systemd does (and is almost necessary if you are going to
    use mount propagation), that if new_root itself is MS_SHARED
    then unmounting the old_root could propagate.

    So I believe the desired sequence is:

    >>>            chdir(new_root);
    +++            mount("", ".", MS_SLAVE | MS_REC, NULL);
    >>>            pivot_root(".", ".");
    >>>            umount2(".", MNT_DETACH);

    The change to new_root could be either MS_SLAVE or
    MS_PRIVATE.  So long as it is not MS_SHARED the mount won't
    propagate back to the parent mount namespace.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
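The sequence the commit message describes, carried through as a complete C program with error checking (an added example, not code from the man page or the commit): `pivot_into` and `sys_pivot_root` are names chosen here, and the program assumes it runs with CAP_SYS_ADMIN and that new_root is already a mount point.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* glibc provides no pivot_root() wrapper; issue the raw system call. */
static int sys_pivot_root(const char *new_root, const char *put_old)
{
    return syscall(SYS_pivot_root, new_root, put_old);
}

/*
 * Make new_root the root of the calling process's mount namespace using the
 * pivot_root(".", ".") idiom. Returns 0 on success, -1 with errno set on
 * failure. Caller must already be in its own mount namespace and new_root
 * must be a mount point (assumption of this example).
 */
int pivot_into(const char *new_root)
{
    if (chdir(new_root) == -1)
        return -1;
    /* new_root and every mount beneath it become slaves (MS_PRIVATE | MS_REC
     * works too), so neither the pivot nor the detach below can propagate
     * back to the parent mount namespace if new_root was MS_SHARED. */
    if (mount("", ".", NULL, MS_SLAVE | MS_REC, NULL) == -1)
        return -1;
    if (sys_pivot_root(".", ".") == -1)
        return -1;
    /* The old root is now stacked on top of "."; detach it. */
    if (umount2(".", MNT_DETACH) == -1)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc != 2) {
        fprintf(stderr, "Usage: %s new_root\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* A fresh mount namespace keeps the pivot out of the caller's view. */
    if (unshare(CLONE_NEWNS) == -1) { perror("unshare"); return EXIT_FAILURE; }
    if (pivot_into(argv[1]) == -1) { perror("pivot_into"); return EXIT_FAILURE; }
    execlp("sh", "sh", NULL);   /* run a shell inside the new root */
    perror("execlp");
    return EXIT_FAILURE;
}
```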
Michael Kerrisk 2019-09-15 10:09:08 +02:00
parent 57bab66a92
commit f646ac88ef
1 changed file with 2 additions and 0 deletions


@ -220,6 +220,8 @@ without needing to create and remove a temporary directory:
.in +4n
.EX
chdir(new_root);
mount("", ".", MS_SLAVE | MS_REC, NULL);
/* Or: MS_PRIVATE | MS_REC */
pivot_root(".", ".");
umount2(".", MNT_DETACH);
.EE
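Review bot: the mount() call at the top of the hunk passes four arguments, but mount(2) takes five (source, target, filesystemtype, mountflags, data), so as written MS_SLAVE | MS_REC lands in the filesystemtype slot and NULL in mountflags; it should read `mount("", ".", NULL, MS_SLAVE | MS_REC, NULL);`. The comment `/* Or: MS_PRIVATE | MS_REC */` gives the alternative but not the reason; a sentence in the surrounding text stating that new_root must not be MS_SHARED, otherwise the pivot and the umount2() of the old root propagate back to the parent mount namespace (the pathology the commit message describes), would make the snippet self-explaining.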