[lxc-devel] [PATCH V1] Use pivot_root and umount2 instead of chroot
Steven Stewart-Gallus
sstewartgallus00 at mylangara.bc.ca
Mon Sep 1 03:24:15 UTC 2014
chrooting leaves the old mount information in /proc/mounts and gives
me anxiety. Explicitly switch root directories and unmount the old
root directory.
Signed-off-by: Steven Stewart-Gallus <sstewartgallus00 at mylangara.bc.ca>
---
Hello! In my own little sandbox program I use pivot_root and umount2
instead of chroot. It seems a lot more foolproof to me and also
removes the old mount information from /proc/mounts. I noticed that
LXC didn't use this technique so I wanted to share it with LXC.

Unfortunately, LXC's build system was mysteriously failing at building
the documentation so I couldn't test this patch. In any case, I
wanted to discuss the general approach anyways mostly.

Thank you,
Steven Stewart-Gallus

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index ee8f491..38e33f4 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -3397,10 +3397,17 @@ static bool do_add_remove_node(pid_t init_pid, const
char *path, bool add,
if (ret < 0 || ret >= MAXPATHLEN)
return false;
- if (chroot(chrootpath) < 0)
+ if (chdir(chrootpath) < 0)
exit(1);
- if (chdir("/") < 0)
+
+ if (syscall(__NR_pivot_root, ".", ".") < 0) {
+ exit(1);
+ }
+
+ if (umount2(".", MNT_DETACH) < 0) {
exit(1);
+ }
+
/* remove path if it exists */
if(faccessat(AT_FDCWD, path, F_OK, AT_SYMLINK_NOFOLLOW) == 0) {
if (unlink(path) < 0) {
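
Review bot: The `syscall(__NR_pivot_root, ".", ".")` call introduces a failure mode that the chroot it replaces did not have: pivot_root(2) returns EINVAL unless the new root is a mount point on a different mount from the current root, whereas chroot accepted any directory, and the new code exits with status 1 and no diagnostic when that happens. Consider checking errno and falling back to the removed `chroot(chrootpath)` and `chdir("/")` pair, or state in the commit message why chrootpath is always a mount point at this call site. Because the cover note says the patch was never built, also confirm that lxccontainer.c includes <sys/syscall.h> and <sys/mount.h> for __NR_pivot_root, umount2 and MNT_DETACH, since the patch adds no #include lines. Style: the two new checks put braces around a single `exit(1);` while the `chdir(chrootpath)` check directly above them does not; use one form throughout.
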