On 2019-08-01, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote: > I'd like to add some documentation about the pivot_root(".", ".") > idea, but I have a doubt/question. In the lxc_pivot_root() code we > have these steps > > oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC); > newroot = open(rootfs, O_DIRECTORY | O_RDONLY | O_CLOEXEC); > > fchdir(newroot); > pivot_root(".", "."); > > fchdir(oldroot); // **** This one is "required" because (as the pivot_root(2) man page states), it's technically not guaranteed by the kernel that the process's cwd will be the same after pivot_root(2): > pivot_root() may or may not change the current root and the current > working directory of any processes or threads which use the old root > directory. Now, if it turns out that we can rely on the current behaviour (and the man page you're improving is actually inaccurate on this point) then you're right that this fchdir(2) isn't required. > mount("", ".", "", MS_SLAVE | MS_REC, NULL); > umount2(".", MNT_DETACH); > fchdir(newroot); // **** And this one is required because we are in @oldroot at this point, due to the first fchdir(2). If we don't have the first one, then switching from "." to "/" in the mount/umount2 calls should fix the issue. We do something very similar to this in runc as well[1] (though, as the commit message says, I "borrowed" the idea from LXC). [1]: https://github.com/opencontainers/runc/commit/f8e6b5af5e120ab7599885bd13a932d970ccc748 -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature