rootfsParentMountPrivate ensures rootfs parent mount is private. This is needed for two reasons: - pivot_root() will fail if parent mount is shared; - when we bind mount rootfs, if its parent is not private, the new mount will propagate (leak!) to parent namespace and we don't want that.
(path string)
| 1072 | // - when we bind mount rootfs, if its parent is not private, the new mount |
| 1073 | // will propagate (leak!) to parent namespace and we don't want that. |
//
// path must be absolute and clean (libcontainer/validate checks this),
// which is what guarantees that filepath.Dir converges on "/" instead of
// looping. The error returned, if any, carries the path at which the walk
// stopped, not necessarily the path that was passed in.
func rootfsParentMountPrivate(path string) error {
	for {
		err := unix.Mount("", path, "", unix.MS_PRIVATE, "")
		switch {
		case err == nil:
			// Propagation is now stopped at this mount point, so a later bind
			// mount of rootfs cannot leak into the parent namespace.
			return nil
		case err == unix.EINVAL && path != "/":
			// EINVAL here means path is not a mount point; retry one level up.
			path = filepath.Dir(path)
			continue
		}
		// Either the kernel reported a real failure, or even "/" could not be
		// made private; surface it with the path we ended on.
		return &mountError{
			op:     "remount-private",
			target: path,
			flags:  unix.MS_PRIVATE,
			err:    err,
		}
	}
}
| 1097 | |
| 1098 | func prepareRoot(config *configs.Config) error { |
| 1099 | flag := unix.MS_SLAVE | unix.MS_REC |