Quoting Serge E. Hallyn (serue@xxxxxxxxxx):
> Not doing this can be a pain for restarted software which relies on
> proc...
How embarrassing... if we don't unshare(CLONE_NEWNS) for pidns we mess up the proc mount for the whole system... Pls use this version instead.
>From 57588540937a892a49b692a4630b34d5984a8792 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serue@xxxxxxxxxx>
Date: Thu, 3 Dec 2009 21:40:30 -0600
Subject: [PATCH 1/1] remount /proc for new pidns
Changelog: Dec 10: unshare(CLONE_NEWNS) for --pidns
Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>
---
 restart.c | 27 ++++++++++++++++++++++-----
 1 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/restart.c b/restart.c
index ddd0a63..6c9ac5d 100644
--- a/restart.c
+++ b/restart.c
@@ -777,6 +777,14 @@ int main(int argc, char *argv[])
 exit(1);
 }
+ if (args.pty || args.pidns) {
+ ret = unshare(CLONE_NEWNS);
+ if (ret) {
+ perror("unshare mounts ns (for -pty)");
+ exit(1);
+ }
+ }
+ /* private devpts namespace? */
 if (args.pty) {
 struct stat ptystat;
@@ -790,11 +798,6 @@ int main(int argc, char *argv[])
 printf("Error: /dev/ptmx must be a link to /dev/pts/ptmx\n");
 exit(1);
 }
- ret = unshare(CLONE_NEWNS);
- if (ret) {
- perror("unshare mounts ns (for -pty)");
- exit(1);
- }
 ret = mount("pts", "/dev/pts", "devpts", 0, "newinstance");
 if (ret) {
 perror("mount -t devpts -o newinstance");
@@ -1005,6 +1008,13 @@ static int ckpt_probe_child(pid_t pid, char *str)
 static int __ckpt_coordinator(void *arg) {
 struct ckpt_ctx *ctx = (struct ckpt_ctx *) arg;
+ int ret;
+
+ ret = mount("proc", "/proc", "proc", 0, NULL);
+ if (ret) {
+ perror("mount -t proc proc /proc");
+ exit(1);
+ }
 if (!ctx->args->wait) close(ctx->pipe_coord[0]);
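Review bot: The hoisted `unshare(CLONE_NEWNS)` in the first main() hunk does not by itself keep the later devpts and proc mounts off the host when `/` has shared propagation (systemd marks it shared at boot), because the new namespace's mounts stay peers of the originals and mount events propagate back. Following the unshare with `mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)`, with its return value checked, would keep those mounts local to the restarted container. The error string `"unshare mounts ns (for -pty)"` is also stale now that the call runs for --pidns as well. main() starts and ends outside the hunk.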
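Review bot: The mount() added at the top of __ckpt_coordinator is unconditional and passes `0` for the mount flags. main() unshares the mount namespace only for --pty/--pidns, so if this function can be reached without either option (its callers are not visible in the hunk) the mount would land on the host's /proc; guarding it, for example with `if (ctx->args->pidns)` assuming that field is reachable here, would make the dependency explicit. Passing `MS_NOSUID | MS_NODEV | MS_NOEXEC` instead of `0` is the usual hardening for a proc mount, and the same applies to the mount() added in ckpt_fork_stub. The function body continues past the hunk.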
@@ -1869,6 +1879,13 @@ int ckpt_fork_stub(void *data)
 struct task *task = (struct task *) data;
 struct ckpt_ctx *ctx = task->ctx;
+ if (task->flags & TASK_NEWPID) {
+ int ret = mount("proc", "/proc", "proc", 0, NULL);
+ if (ret) {
+ perror("mount -t proc");
+ exit(1);
+ }
+ }
 /*
 * In restart into a new pid namespace (--pidns), coordinator
 * is the container init, hence if it terminated permatutely
--
1.6.4.4
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
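Review bot: In ckpt_fork_stub, a task with TASK_NEWPID mounts its proc over /proc in whatever mount namespace it currently shares, and nothing visible in this hunk gives it a private one. If such a task shares the mount namespace with tasks that remain in the outer pid namespace (the nested case), those tasks would afterwards read the inner namespace's /proc. Calling `unshare(CLONE_NEWNS)` with the same perror/exit handling before the mount in this branch would confine the change to the new pid namespace's tasks. The perror text `"mount -t proc"` also differs from `"mount -t proc proc /proc"` in __ckpt_coordinator, and a small static helper shared by both sites would keep flags and diagnostics identical. ckpt_fork_stub continues outside the hunk.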