From ecd92dffbc9e4d423169c35c3eebebaa2c961f9e Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 5 Jul 2021 12:11:42 +0200
Subject: [PATCH 1/2] lxc_unshare: make mount table private

Signed-off-by: Christian Brauner
---
 src/lxc/tools/lxc_unshare.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index b4b073a02..8e4716cf3 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -246,8 +246,13 @@ static int do_start(void *arg)
 }
 }
 
- if ((start_arg->flags & CLONE_NEWNS) && start_arg->want_default_mounts)
- lxc_setup_fs();
+ if (start_arg->flags & CLONE_NEWNS) {
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0)
+ _exit(EXIT_FAILURE);
+
+ if (start_arg->want_default_mounts)
+ lxc_setup_fs();
+ }
 
 if ((start_arg->flags & CLONE_NEWUTS) && want_hostname)
 if (sethostname(want_hostname, strlen(want_hostname)) < 0) {

From a1ac26802cde69dc15e696c9e4b65b0a0561a653 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 5 Jul 2021 12:19:31 +0200
Subject: [PATCH 2/2] lxc_unshare: fix network device handling

We were passing the wrong PID. Fix this!

Link: https://discuss.linuxcontainers.org/t/problem-with-moving-interface-new-network-namespace-in-lxc-unshare
Signed-off-by: Christian Brauner
---
 src/lxc/tools/lxc_unshare.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index 8e4716cf3..a0ef5f618 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -416,7 +416,7 @@ int main(int argc, char *argv[])
 if (lpid == 0) {
 char buf[256];
 
- ret = snprintf(buf, 256, "%d", lpid);
+ ret = snprintf(buf, 256, "%d", pid);
 if (ret < 0 || ret >= 256)
 _exit(EXIT_FAILURE);
 
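Review bot: The new `mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0)` call exits silently on failure, whereas the rest of this tool reports failures through SYSERROR (see the `SYSERROR(` call in the later hunk of the second patch), so a user whose namespace setup stops here gets no indication of why; consider `SYSERROR("Failed to make / recursively private");` immediately before `_exit(EXIT_FAILURE);`. Making the root recursively private before lxc_setup_fs() is the right defensive ordering, since it keeps mounts made in the new mount namespace from propagating back to the parent namespace's table, and that intent is worth a one-line comment above the call. The last argument of mount() is the `const void *data` pointer and should be written `NULL` rather than `0`, matching the other pointer arguments on the same line. do_start() starts and ends outside the hunk.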
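Review bot: `ret = snprintf(buf, 256, "%d", pid);` and the bound check `if (ret < 0 || ret >= 256)` duplicate the size of `char buf[256]` as a literal in two places; tying both to the array, `ret = snprintf(buf, sizeof buf, "%d", pid);` and `if (ret < 0 || (size_t)ret >= sizeof buf)`, keeps the bound from drifting if the buffer is ever resized. The declaration of `pid` is outside the hunk; if it is a `pid_t` rather than an `int`, `%d` relies on pid_t being int on this platform, and an explicit `(int)pid` would make that assumption visible to the reader. main() starts and ends outside the hunk.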
@@ -425,8 +425,7 @@ int main(int argc, char *argv[])
 }
 
 if (wait_for_pid(lpid) != 0)
- SYSERROR("Could not move interface \"%s\" into container %d",
- ifname, lpid);
+ SYSERROR("Could not move interface \"%s\" into container %d", ifname, lpid);
 }
 
 free_ifname_list();
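Review bot: The rejoined SYSERROR line still prints `lpid` as the container, but after the preceding hunk the interface is moved into the namespace of `pid`, and `lpid` is the PID of the helper child that wait_for_pid() reaps, so the diagnostic names the wrong process when the move fails. `SYSERROR("Could not move interface \"%s\" into container %d", ifname, pid);` would report the target namespace instead; this assumes `pid` is still in scope at this point of main(), which I cannot confirm because its declaration is outside the hunk. The enclosing block and main() continue beyond the hunk.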