From: Daniel Walsh <dwalsh@redhat.com>
Date: Tue, 3 Jan 2012 20:12:10 +0000 (+0100)
Subject: namespace: remount namespace root dir for SLAVE to avoid propagation of mounts from... 
X-Git-Tag: v38~95
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc4b02006455a4dddeb6ccc1f6656c89d3ebd27c;p=systemd

namespace: remount namespace root dir for SLAVE to avoid propagation of mounts from the namespace to the host

https://bugzilla.redhat.com/show_bug.cgi?id=752540
---

diff --git a/src/namespace.c b/src/namespace.c
index 54b22f49..a06cac10 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -266,8 +266,12 @@ int setup_namespace(
                 goto fail;
         }
 
-        /* We assume that by default mount events from us won't be
-         * propagated to the root namespace. */
+        /* Remount / as SLAVE so that nothing mounted in the namespace
+           shows up in the parent */
+        if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+                r = -errno;
+                goto fail;
+        }
 
         for (p = paths; p < paths + n; p++)
                 if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)