[CRIU] [PATCH 01/17] mount: bind-mount root into itself if processes are restored in userns
Andrey Vagin
avagin at openvz.org
Fri Oct 31 02:14:19 PDT 2014
When we create a new mntns inside a userns, all mounts inherited from the parent mntns are marked as locked, and pivot_root() returns EINVAL if the new root is a locked mount. Bind-mounting the root onto itself gives us a fresh (unlocked) mount to pivot into.
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
mount.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/mount.c b/mount.c
index 1de37a0..48e809e 100644
--- a/mount.c
+++ b/mount.c
@@ -1979,17 +1979,17 @@ int prepare_mnt_ns(void)
if (!mis)
goto out;
- if (chdir(opts.root ? : "/")) {
- pr_perror("chdir(%s) failed", opts.root ? : "/");
- return -1;
- }
-
/*
* The new mount namespace is filled with the mountpoint
* clones from the original one. We have to umount them
* prior to recreating new ones.
*/
if (!opts.root) {
+ if (chdir("/")) {
+ pr_perror("chdir(\"/\") failed");
+ return -1;
+ }
+
if (clean_mnt_ns(ns.mnt.mntinfo_tree))
return -1;
} else {
@@ -2016,6 +2016,18 @@ int prepare_mnt_ns(void)
pr_perror("Can't remount the parent of the new root with MS_SLAVE");
return -1;
}
+
+ /* Unprivileged users can't reveal what is under a mount */
+ if (root_ns_mask & CLONE_NEWUSER) {
+ if (mount(opts.root, opts.root, NULL, MS_BIND | MS_REC, NULL)) {
+ pr_perror("Can't remount bind-mount %s into itself\n", opts.root);
+ return -1;
+ }
+ }
+ if (chdir(opts.root)) {
+ pr_perror("chdir(%s) failed", opts.root ? : "/");
+ return -1;
+ }
}
free_mntinfo(old);
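Review bot: The new pr_perror call for the self bind-mount carries a trailing `\n` in its format string, unlike the neighbouring pr_perror calls in this hunk (the MS_SLAVE remount and the chdir); if pr_perror appends the errno text and its own newline, as CRIU's logging helpers appear to elsewhere in this file, the strerror part ends up on a line of its own — drop it: `pr_perror("Can't bind-mount %s onto itself", opts.root);`. In the same branch, `chdir(opts.root)` is called with opts.root directly while its error message still uses `opts.root ? : "/"`; this is the else side of `if (!opts.root)`, so the fallback is dead and the message should just use `opts.root`. The comment above the bind mount ("Unprivileged users can't reveal what is under a mount") does not say why the mount is needed; something like `/* Mounts inherited into a mntns created in a userns are locked and pivot_root() rejects a locked root with EINVAL; a fresh bind mount of the root onto itself is not locked. */` would let a reader connect it to the CLONE_NEWUSER check. prepare_mnt_ns() starts before and continues after this hunk.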
--
1.9.3