On Wed, Apr 29, 2020 at 9:59 AM Miklos Szeredi <mszer...@redhat.com> wrote:
>
> On Tue, Apr 28, 2020 at 9:15 PM Dr. David Alan Gilbert
> <dgilb...@redhat.com> wrote:
>
> > So our current sequence is:
> >
> > (new namespace)
> > 1) if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) < 0) {
> > 2) if (mount("proc", "/proc", "proc",
> > ....
> > 3) if (mount(source, source, NULL, MS_BIND | MS_REC, NULL) < 0) {
> > 4) (chdir newroot, pivot, chdir oldroot)
> > 5) if (mount("", ".", "", MS_SLAVE | MS_REC, NULL) < 0) {
> > 6) if (umount2(".", MNT_DETACH) < 0) {
> >
> > So are you saying we need a:
> > if (mount(NULL, "/", NULL, MS_REC | MS_SHARED, NULL) < 0) {
> >
> > and can this go straight after (1) ?
>
> Or right before (3). Important thing is that that new mount will
> only receive propagation if the type of the mount at source (before
> (3) is performed) is shared.

And seems I was wrong. Bind mounting clones the slave property, hence
no need to set MS_SHARED. I.e. if the source was a slave, the bind
mount will be a slave to the same master as well; the two slaves won't
receive propagation between each other, but both will receive
propagation from the master.

The only reason to set MS_SHARED would be if the bind mount wanted to
receive propagation from within the cloned namespace. Which is not the
case.

Didn't I tell ya it was complicated ;)

Thanks,
Miklos
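
The claim above, that the bind mount from step (3) ends up a slave of the same master as its source, can be checked from the `master:N` and `shared:N` optional fields in /proc/<pid>/mountinfo. The following C is an added example, not code from this thread or from the project under discussion; the sample lines, the path /srv/share and the peer group ids are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Propagation state taken from one /proc/<pid>/mountinfo line. */
struct prop {
    int shared;  /* peer group id from "shared:N", 0 if absent */
    int master;  /* peer group id from "master:N", 0 if absent */
};

/* Read the optional fields, which sit between the sixth field (mount
 * options) and the "-" separator. Returns 0, or -1 for a malformed line. */
int parse_prop(const char *line, struct prop *out)
{
    int field = 0;
    out->shared = out->master = 0;
    for (const char *p = line; *p; ) {
        size_t n = strcspn(p, " \n");
        if (n > 0 && ++field > 6) {
            if (n == 1 && *p == '-')
                return 0;  /* end of optional fields */
            if (n > 7 && strncmp(p, "shared:", 7) == 0)
                out->shared = atoi(p + 7);
            else if (n > 7 && strncmp(p, "master:", 7) == 0)
                out->master = atoi(p + 7);
        }
        p += n + (p[n] != '\0');  /* skip the token and one delimiter */
    }
    return -1;  /* never reached the "-" separator */
}

/* Both mounts are slaves of one master and neither is in a shared peer group. */
int slaves_of_same_master(const struct prop *a, const struct prop *b)
{
    return a->master && a->master == b->master && !a->shared && !b->shared;
}

/* Constructed sample lines: "/" after step (1), the bind mount from step (3). */
static const char ROOT_LINE[] = "410 409 253:0 / / rw,relatime master:1 - ext4 /dev/vda1 rw";
static const char BIND_LINE[] = "455 410 253:0 /srv/share /srv/share rw,relatime master:1 - ext4 /dev/vda1 rw";

int main(void)
{
    struct prop root, bnd;
    if (parse_prop(ROOT_LINE, &root) || parse_prop(BIND_LINE, &bnd))
        return 1;
    printf("slaves of same master: %d\n", slaves_of_same_master(&root, &bnd));
    return 0;
}
```

A mount that had been given MS_SHARED would carry a `shared:N` field in addition to `master:N`, and the check would then return 0.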