executor/linux: change mount propagation type to private
unshare(CLONE_NEWNS) might not be sufficient for making all test processes run in
a separate mount namespace, for the "mount --make-rshared /" request issued by systemd
causes mount operations issued by test processes to be visible from outside of the test
processes. Issue a "mount --make-rprivate /" request after unshare(CLONE_NEWNS).
Tetsuo Handa authored and dvyukov committed Aug 26, 2020
1 parent 344da16 commit 318430c
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions executor/common_linux.h
Expand Up @@ -3318,6 +3318,9 @@ static void sandbox_common()
if (unshare(CLONE_NEWNS)) {
debug("unshare(CLONE_NEWNS): %d\n", errno);
}
if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
debug("mount(\"/\", MS_REC | MS_PRIVATE): %d\n", errno);
}
if (unshare(CLONE_NEWIPC)) {
debug("unshare(CLONE_NEWIPC): %d\n", errno);
}
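Review bot: the added mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) runs unconditionally, including when the unshare(CLONE_NEWNS) directly above it has failed and only logged via debug(). In that case the process is still in the mount namespace it started in, so the recursive private remount is applied there instead of to a fresh namespace. Consider moving the mount() into an else branch of the unshare(CLONE_NEWNS) check. Separately, a failure of the mount() itself is only reported through debug(), which leaves shared propagation in place and test mounts visible outside the test processes, the exact condition the commit message describes; a comment stating that this is best-effort, or a hard failure, would make the intent explicit.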
3 changes: 3 additions & 0 deletions pkg/csource/generated.go

Some generated files are not rendered by default.