[CRIU] [PATCH 5/6] unshare: Mount new proc
Andrew Vagin
avagin at virtuozzo.com
Tue Mar 15 10:24:43 PDT 2016
On Wed, Dec 09, 2015 at 03:01:33PM +0300, Pavel Emelyanov wrote:
> This makes sense in both -- mnt and pid ns, but still makes. So when
> we're in new mount namespace add new /proc mountpoint.
>
> Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
> ---
> crtools.c | 2 +-
> mount.c | 12 ++++++++++++
> 2 files changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/crtools.c b/crtools.c
> index a1a316f..24b4a3f 100644
> --- a/crtools.c
> +++ b/crtools.c
> @@ -130,7 +130,7 @@ static int parse_unshare_arg(char *opt)
> }
>
> /* Only pid, mnt and user for now */
> - if (opts.unshare_flags & ~(CLONE_NEWNS)) {
> + if (opts.unshare_flags & ~(CLONE_NEWNS | 0x1)) {
> pr_err("Unsharing this namespace(s) is not supported yet\n");
> return -1;
> }
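Review bot: the bare 0x1 added to the mask in parse_unshare_arg() has no name, and the comment above the check still reads "Only pid, mnt and user for now" while the mask accepts only CLONE_NEWNS and this literal. Give the bit a named define that says what it stands for, use that name in both crtools.c and mount.c, and update the comment so it matches what the mask actually permits.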
> diff --git a/mount.c b/mount.c
> index 8ebca94..36c4991 100644
> --- a/mount.c
> +++ b/mount.c
> @@ -3112,6 +3112,18 @@ int prepare_mnt_ns(void)
> return -1;
> }
>
> + if (opts.unshare_flags & 0x1) {
0x1 is a magic constant. Can we define it?
> + mount(NULL, "/proc", NULL, MS_PRIVATE, NULL);
We need to check a return code here, otherwise we may corrupt a host
mount namespace.
> + if (mount("proc", "/proc", "proc",
> + MS_MGC_VAL | MS_NOSUID | MS_NOEXEC | MS_NODEV,
> + NULL)) {
> + pr_perror("Can't mount proc\n");
> + return -1;
> + }
> +
> + pr_info("Re-mounted new fake proc\n");
> + }
> +
> goto ns_created;
> }
>
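Review bot: the first mount() in the new block, mount(NULL, "/proc", NULL, MS_PRIVATE, NULL), is not checked, so if making /proc private fails, the proc mount that follows lands on a mount point whose propagation is unchanged and may become visible outside the new mount namespace. Test its result and bail out with pr_perror() and return -1, the same way the second mount() call does. The condition also tests the unnamed 0x1 bit; it should use the same named constant as the mask in parse_unshare_arg().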
> --
> 1.9.3
>
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu