On Thu, Nov 09, 2017 at 04:54:06PM -0600, Eric W. Biederman wrote:
> Karel Zak <kzak@xxxxxxxxxx> writes:
>
> > Unfortunately, I'm not sure if this is the right way in all cases.
>
> I believe this will break all except the case mentioned.

I expected something like this...

> My personal recommendation is not to use chroot with persistent mount
> namespaces. That just seems to keep unnecessary mounts around. Those
> extra mounts will almost certainly be a problem later when you discover
> you want to unmount one of those mounted filesystems you don't care
> about but are chrooting over.
>
> I think it would be quite reasonable to have an additional option to
> open things in the new mount namespace, just before exec. I just don't
> see how useful it would be.

It would be a solution for this use-case, but it will increase complexity
and I'm not sure this use-case is important enough. Especially if all
you need is to use the chroot command before nsenter. I don't think
nsenter has to be an all-in-one command. It's a very basic tool.

> A second possibility is to issue a warning if root and is not a member
> of the target mount namespace. That might even allow doing the right
> thing automatically. It looks like the mnt_id is available from
> /proc/<pid>/fdinfo/<fd#>. So it looks like it is possible with the
> existing kernel interfaces (at least in theory).

I'll think about it.

> Ugh. It looks like you committed your change below to sys-utils by
> accident.

OMG...<censored>... fixed. Thanks!

    Karel

--
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
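The check Eric sketches above (is the current root directory a member of the target process's mount namespace?) can be done in user space with the interfaces he names. The following is an added example, not util-linux or nsenter code: it opens "/", reads the `mnt_id:` line from `/proc/self/fdinfo/<fd>`, and looks for that mount ID in the first field of `/proc/<pid>/mountinfo` of the target. It assumes a Linux system with `/proc` mounted; the sample fdinfo and mountinfo texts at the top are constructed so the parsing helpers can be exercised offline, and `root_in_mount_ns_of()` is a hypothetical name chosen here.

```c
/* Added example, not part of util-linux. Decide whether this process's root
 * directory belongs to the mount namespace of a target pid, by comparing the
 * mnt_id of an fd on "/" with the mount IDs listed in the target's mountinfo.
 * Assumes Linux with /proc; mount IDs are unique system-wide, so a match means
 * the root mount is visible inside the target namespace. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample contents (not captured from a real system), used so the
 * parsing helpers can be tested without touching /proc. */
const char SAMPLE_FDINFO[] = "pos:\t0\nflags:\t02200000\nmnt_id:\t22\n";
const char SAMPLE_MOUNTINFO[] =
    "22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "23 22 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw\n";

/* Extract the "mnt_id:" value from the text of /proc/<pid>/fdinfo/<fd>.
 * Returns -1 if the field is absent (older kernels do not expose it). */
long fdinfo_mnt_id(const char *text)
{
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, "mnt_id:", 7) == 0)
            return strtol(p + 7, NULL, 10);   /* strtol skips the tab */
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Return 1 if some line of a /proc/<pid>/mountinfo text begins with mount
 * ID id (the first space-separated field), else 0. */
int mountinfo_has_mnt_id(const char *text, long id)
{
    const char *p = text;
    while (p && *p) {
        char *end;
        long cur = strtol(p, &end, 10);
        if (end != p && cur == id && *end == ' ')
            return 1;
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return 0;
}

/* Read a small /proc file into a malloc'd, NUL-terminated buffer; NULL on
 * failure. /proc files report size 0, so read until EOF. */
char *read_proc_file(const char *path)
{
    size_t cap = 4096, len = 0, n;
    char *buf = malloc(cap);
    FILE *f = fopen(path, "r");
    if (!f || !buf) { free(buf); if (f) fclose(f); return NULL; }
    while ((n = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (len + 1 >= cap) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); fclose(f); return NULL; }
            buf = nb;
            cap *= 2;
        }
    }
    buf[len] = '\0';
    fclose(f);
    return buf;
}

/* Live check (hypothetical helper name): 1 if "/" of the caller is a mount in
 * pid's mount namespace, 0 if not, -1 if /proc could not be read. */
int root_in_mount_ns_of(pid_t pid)
{
    char path[64];
    int fd = open("/", O_RDONLY | O_DIRECTORY);
    if (fd < 0)
        return -1;
    snprintf(path, sizeof path, "/proc/self/fdinfo/%d", fd);
    char *fdinfo = read_proc_file(path);
    close(fd);
    if (!fdinfo)
        return -1;
    long id = fdinfo_mnt_id(fdinfo);
    free(fdinfo);
    if (id < 0)
        return -1;
    snprintf(path, sizeof path, "/proc/%ld/mountinfo", (long)pid);
    char *mi = read_proc_file(path);
    if (!mi)
        return -1;
    int r = mountinfo_has_mnt_id(mi, id);
    free(mi);
    return r;
}

int main(int argc, char **argv)
{
    pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
    int r = root_in_mount_ns_of(pid);
    if (r < 0)
        perror("root_in_mount_ns_of");
    else
        printf("root %s a member of pid %ld's mount namespace\n",
               r ? "is" : "is NOT", (long)pid);
    return r < 0 ? 1 : 0;
}
```

Run as `./a.out <target-pid>`; a result of "is NOT" is the situation where a tool like nsenter could warn that the caller's (for instance chroot-derived) root will be carried into the target namespace. With no argument it checks the calling process itself, which must always report membership.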