File mininet-2.2.1-private-mount.patch of Package mininet

Overview Repositories Revisions Requests Users Attributes Meta

File mininet-2.2.1-private-mount.patch of Package mininet

From 96ea5367dbea7b77e6b7454c1de85b30b7ba7035 Mon Sep 17 00:00:00 2001
From: Tomasz Buchert <tomasz@debian.org>
Date: Fri, 6 Nov 2015 11:37:00 +0100
Subject: [PATCH] mnexec: properly setup the mount namespace

Systemd's default is to mark the root mount as shared and it is
inherited as such by the new mount namespace. This means that any
mounts performed inthe new namespace will be visible by the rest of
the system, breaking privateDirs.

To restore a more sane behaviour, we explicitly mark all mounts
recursively as private, meaning that we will no longer see new mounts
from the root namespace, and our mounts will also not propagate to the
rest of the system.

Fixes #565
---
 mnexec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/mnexec.c b/mnexec.c
index a9cb867..d3f173d 100644
--- a/mnexec.c
+++ b/mnexec.c
@@ -130,6 +130,16 @@ int main(int argc, char *argv[])
                 perror("unshare");
                 return 1;
             }
+
+            /* Mark our whole hierarchy recursively as private, so that our
+             * mounts do not propagate to other processes.
+             */
+
+            if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) == -1) {
+                perror("remount");
+                return 1;
+            }
+
             /* mount sysfs to pick up the new network namespace */
             if (mount("sysfs", "/sys", "sysfs", MS_MGC_VAL, NULL) == -1) {
                 perror("mount");

Places

File mininet-2.2.1-private-mount.patch of Package mininet

Places