namespace: remount namespace root dir for SLAVE to avoid propagation of mounts from the namespace to the host

https://bugzilla.redhat.com/show_bug.cgi?id=752540
author: Daniel Walsh <dwalsh@redhat.com> 2012-01-03 21:12:10 +0100
committer: Lennart Poettering <lennart@poettering.net> 2012-01-03 21:12:10 +0100
commit: dc4b02006455a4dddeb6ccc1f6656c89d3ebd27c (patch)
tree: 69a0b81c79bf9a19ffd965247f92c8dcbf469ccc
parent: 86aa7ba4f9969bbfc75ebd51f944313695f1a0a1 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/namespace.c b/src/namespace.c
index 54b22f494e..a06cac10fd 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -266,8 +266,12 @@ int setup_namespace(
                 goto fail;
         }
 
-        /* We assume that by default mount events from us won't be
-         * propagated to the root namespace. */
+        /* Remount / as SLAVE so that nothing mounted in the namespace
+           shows up in the parent */
+        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                r = -errno;
+                goto fail;
+        }
 
         for (p = paths; p < paths + n; p++)
                 if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
author	Daniel Walsh <dwalsh@redhat.com>	2012-01-03 21:12:10 +0100
committer	Lennart Poettering <lennart@poettering.net>	2012-01-03 21:12:10 +0100
commit	dc4b02006455a4dddeb6ccc1f6656c89d3ebd27c (patch)
tree	69a0b81c79bf9a19ffd965247f92c8dcbf469ccc
parent	86aa7ba4f9969bbfc75ebd51f944313695f1a0a1 (diff)