| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2019-09-15 10:09:08 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2019-09-23 13:11:19 +0200 |
| commit | f646ac88ef83969f262c61905738d35c7b11a52e (patch) | |
| tree | a0663aae4241edbec725ee439d382833ed161e21 | |
| parent | 57bab66a921dbbb36839935b4c17c6e01039cc84 (diff) | |
| download | man-pages-f646ac88ef83969f262c61905738d35c7b11a52e.tar.gz | |
pivot_root.2: Tweak pivot_root(".", ".") example
Quoting Eric Biederman:
The concern from our conversation at the container
mini-summit was that there is a pathology if in your initial
mount namespace all of the mounts are marked MS_SHARED like
systemd does (and is almost necessary if you are going to
use mount propagation), that if new_root itself is MS_SHARED
then unmounting the old_root could propagate.
So I believe the desired sequence is:
>>> chdir(new_root);
+++ mount("", ".", MS_SLAVE | MS_REC, NULL);
>>> pivot_root(".", ".");
>>> umount2(".", MNT_DETACH);
The change to new_root could be either MS_SLAVE or
MS_PRIVATE. So long as it is not MS_SHARED the mount won't
propagate back to the parent mount namespace.
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man2/pivot_root.2 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/man2/pivot_root.2 b/man2/pivot_root.2 index 3cca8a30dd..6c84977d10 100644 --- a/man2/pivot_root.2 +++ b/man2/pivot_root.2 @@ -220,6 +220,8 @@ without needing to create and remove a temporary directory: .in +4n .EX chdir(new_root); +mount("", ".", MS_SLAVE | MS_REC, NULL); + /* Or: MS_PRIVATE | MS_REC */ pivot_root(".", "."); umount2(".", MNT_DETACH); .EE |
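Review bot: The added call `mount("", ".", MS_SLAVE | MS_REC, NULL);` passes four arguments, but mount(2) takes five (source, target, filesystemtype, mountflags, data), so as written the flags sit in the filesystemtype position and the snippet will not compile if a reader copies it. Suggest `mount(NULL, ".", NULL, MS_SLAVE | MS_REC, NULL);`, keeping the `/* Or: MS_PRIVATE | MS_REC */` comment. The hunk also adds no prose to the page explaining why the propagation change is there: the rationale (a new_root that is MS_SHARED lets the unmount of old_root propagate back to the parent mount namespace) exists only in the commit message, so a sentence before the `.EX` block stating it would keep readers from dropping the line as optional.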
