author | Stefano Brivio <sbrivio@redhat.com> | 2023-05-21 14:50:11 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-05-23 16:13:28 +0200 |
commit | b0e450aa8500648cc89ca4f68b6a6155267ccd9d (patch) | |
tree | de7d5fb94cdcfab8a6005c31c165d4d4a756b114 /isolation.c | |
parent | b0881aae6d91845821b2732f3fc8890e3d9ec4d2 (diff) | |
pasta: Detach mount namespace, (re)mount procfs before spawning command

If we want /proc contents to be consistent after pasta spawns a child
process in a new PID namespace (only for operation without a
pre-existing namespace), we need to mount /proc after the clone(2)
call with CLONE_NEWPID, and we enable the child to do that by
passing, in the same call, the CLONE_NEWNS flag, as described by
pid_namespaces(7).

This is not really a remount: in fact, passing MS_REMOUNT to mount(2)
would make the call fail. We're in another mount namespace now, so
it's a fresh mount that has the effect of hiding the existing one.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'isolation.c')
0 files changed, 0 insertions, 0 deletions
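
The sequence the commit message describes, as an added example that is not passt code: clone(2) with CLONE_NEWPID and CLONE_NEWNS in one call, then a fresh procfs mount in the child, checked by reading /proc/self. Assumptions: the function names are hypothetical, CLONE_NEWUSER is added so it runs unprivileged, MS_PRIVATE is this example's propagation choice, and the raw fork-style clone call assumes x86_64 or aarch64.

```c
#include <linux/sched.h>	/* CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNS */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: runs in the child, which is PID 1 of the new PID
 * namespace and has its own copy of the mount table (CLONE_NEWNS). */
static int child_mount_proc(void)
{
	char buf[32];
	ssize_t n;

	/* Assumed propagation choice: keep our mounts out of the parent */
	if (mount("none", "/", NULL, MS_PRIVATE | MS_REC, NULL))
		return 2;
	/* Fresh mount, no MS_REMOUNT: hides the procfs inherited from the parent */
	if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL))
		return 3;
	n = readlink("/proc/self", buf, sizeof(buf) - 1);
	if (n < 0)
		return 4;
	buf[n] = '\0';
	return atoi(buf) == 1 ? 0 : 5;	/* the new procfs must show us as PID 1 */
}

/* 0: /proc matches the new PID namespace; -1: namespaces not permitted
 * here; 2..5: the step in child_mount_proc() that failed. */
int spawn_with_fresh_proc(void)
{
	int status;
	/* Zero stack argument: the child continues on a copy, like fork(2) */
	long pid = syscall(SYS_clone, CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS |
			   SIGCHLD, 0, 0, 0, 0);

	if (pid < 0)
		return -1;
	if (pid == 0)
		_exit(child_mount_proc());
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int main(void)
{
	printf("result: %d\n", spawn_with_fresh_proc());
	return 0;
}
```

A result of 3 is expected in containers that mask parts of /proc, because the kernel refuses a new procfs mount in a user namespace when the existing one is not fully visible.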