Hi David,
I reported this problem about a month ago when patches were not in the
linux-next. Now they are there and we can't run CRIU tests, because it
is impossible to mount /proc in a container.
[root@fc24 ~]# strace unshare -Urnm --mount-proc true
unshare(CLONE_NEWNS|CLONE_NEWNET|CLONE_NEWUSER) = 0
openat(AT_FDCWD, "/proc/self/setgroups", O_WRONLY) = 3
write(3, "deny", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/proc/self/uid_map", O_WRONLY) = 3
write(3, "0 0 1", 5) = 5
close(3) = 0
openat(AT_FDCWD, "/proc/self/gid_map", O_WRONLY) = 3
write(3, "0 0 1", 5) = 5
close(3) = 0
mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
mount("none", "/proc", NULL, MS_REC|MS_PRIVATE, NULL) = 0
mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) =
-1 EBUSY (Device or resource busy)
https://travis-ci.org/avagin/linux/jobs/416641093
Thanks,
Andrei
On Thu, Aug 16, 2018 at 12:34 AM Andrei Vagin <avagin@xxxxxxxxxx> wrote:
>
> A user namespace should be taken from a pidns for which a procfs is created.
>
> Signed-off-by: Andrei Vagin <avagin@xxxxxxxxx>
> ---
> fs/proc/root.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/proc/root.c b/fs/proc/root.c
> index 1d6e5bfa30cc..1419b48a89ab 100644
> --- a/fs/proc/root.c
> +++ b/fs/proc/root.c
> @@ -315,6 +315,11 @@ int pid_ns_prepare_proc(struct pid_namespace *ns)
> if (IS_ERR(fc))
> return PTR_ERR(fc);
>
> + if (fc->user_ns != ns->user_ns) {
> + put_user_ns(fc->user_ns);
> + fc->user_ns = get_user_ns(ns->user_ns);
> + }
> +
> ctx = fc->fs_private;
> if (ctx->pid_ns != ns) {
> put_pid_ns(ctx->pid_ns);
> --
> 2.17.1
>
