Use rslave instead of rprivate in chrootarchive

With `rprivate` there exists a race where a reference to a mount has
propagated to the new namespace. When `rprivate` is set, the parent
namespace is not able to remove the mount due to that reference.
With `rslave`, unmounts will propagate correctly into the namespace and
prevent the sort of transient errors that are possible with `rprivate`.

This is a similar fix to 117c92745b

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
parent d65ab869e8
commit 5ede64d63f
1 changed file with 7 additions and 2 deletions
|
@ -26,8 +26,13 @@ func chroot(path string) (err error) {
|
|||
return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
|
||||
}
|
||||
|
||||
// make everything in new ns private
|
||||
if err := mount.MakeRPrivate("/"); err != nil {
|
||||
// Make everything in new ns slave.
|
||||
// Don't use `private` here as this could race where the mountns gets a
|
||||
// reference to a mount and an unmount from the host does not propagate,
|
||||
// which could potentially cause transient errors for other operations,
|
||||
// even though this should be relatively small window here `slave` should
|
||||
// not cause any problems.
|
||||
if err := mount.MakeRSlave("/"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
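Review bot: The new comment above `mount.MakeRSlave("/")` says `slave` "should not cause any problems" but never states the property that makes this safe, namely that slave propagation is one-way: mount and unmount events from the host reach this namespace, while nothing mounted or unmounted inside it propagates back to the host. Please say that explicitly, since it is the reason the switch away from `private` does not weaken the isolation of the chroot. The last sentence of the comment ("even though this should be relatively small window here `slave` should not cause any problems") is also a run-on and would read better split in two. Separately, the `return err` after `MakeRSlave` returns the error bare, while the check just above wraps its error with "Error creating mount namespace before pivot"; wrapping this one the same way would make a propagation failure identifiable in logs.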