[CRIU] [PATCH] net: mount sysfs in a new mount name-space

[Andrey Vagin]

The current scheme is racy. It use open_detache_mount in a current
name-space. If a mount namespace is created by someone else between
mount and umount(detach) in open_detache_mount, the mount will be
propagated in the new mntns, then it is detached in a current ns and
rmdir fails, because it's still mounted in athother mntns.

This patch creates a new mount namespace for mounting sysfs.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 net.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/net.c b/net.c
index a6419a6..2884a45 100644
--- a/net.c
+++ b/net.c
@@ -434,6 +434,20 @@ static int mount_ns_sysfs(void)
 
 	BUG_ON(ns_sysfs_fd != -1);
 
+	/*
+	 * A new mntns is required to avaoid the race between
+	 * open_detach_mount and creating mntns.
+	 */
+	if (unshare(CLONE_NEWNS)) {
+		pr_perror("Can't create new mount namespace");
+		return -1;
+	}
+
+	if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL)) {
+		pr_perror("Can't mark the root mount as private");
+		return -1;
+	}
+
 	if (mkdtemp(sys_mount) == NULL) {
 		pr_perror("mkdtemp failed %s", sys_mount);
 		return -1;
-- 
1.8.3.1