mount a new sysfs when root and don't unmount with --recursive

Johannes 'josch' Schauer 2018-10-01 17:17:34 +02:00
parent 62b92bb229
commit 640d854c2e
Signed by: josch
GPG key ID: F2CBA5C78FBD83E1


@ -1076,9 +1076,15 @@ sub setup {
chmod $mode, "$options->{root}/$fname"; chmod $mode, "$options->{root}/$fname";
} }
# We can only mount /proc and /sys after extracting the essential # We can only mount /proc and /sys after extracting the essential
# set because if we mount it before, then base-files not be able # set because if we mount it before, then base-files will not be able
# to extract those # to extract those
if ($options->{mode} eq 'unshare') {
# without the network namespace unshared, we cannot mount a new
# sysfs. Since we need network, we just bind-mount.
0 == system('mount', '-o', 'rbind', '/sys', "$options->{root}/sys") or die "mount failed: $?"; 0 == system('mount', '-o', 'rbind', '/sys', "$options->{root}/sys") or die "mount failed: $?";
} else {
0 == system('mount', '-t', 'sysfs', '-o', 'nosuid,nodev,noexec', 'sys', "$options->{root}/sys") or die "mount failed: $?";
}
0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc") or die "mount failed: $?"; 0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc") or die "mount failed: $?";
# prevent daemons from starting # prevent daemons from starting
@ -1135,7 +1141,7 @@ sub setup {
} }
# no need to umount if the mount namespace was unshared # no need to umount if the mount namespace was unshared
if ($options->{mode} ne 'unshare') { if ($options->{mode} ne 'unshare') {
0 == system('umount', '--no-mtab', '--recursive', '--lazy', "$options->{root}/sys") or die "umount failed: $?"; 0 == system('umount', '--no-mtab', "$options->{root}/sys") or die "umount failed: $?";
0 == system('umount', '--no-mtab', "$options->{root}/proc") or die "umount failed: $?"; 0 == system('umount', '--no-mtab', "$options->{root}/proc") or die "umount failed: $?";
} }
} }
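Review bot: In the second hunk, the `umount` of `$options->{root}/sys` no longer passes `--recursive` or `--lazy`, so it fails if anything was mounted beneath it during setup or if the mount is still busy, and the `or die` then skips the `umount` of `$options->{root}/proc` on the next line. Because this branch runs only when the mount namespace is not unshared, that would presumably leave a live proc mount inside the target directory after the failure. Attempting both unmounts before dying avoids this: `my @failed = grep { 0 != system('umount', '--no-mtab', "$options->{root}/$_") } qw(sys proc);` followed by `die "umount failed for: @failed" if @failed;`. If the flags were dropped because a freshly mounted sysfs carries no submounts, a comment saying so would help, e.g. `# sysfs is a fresh mount here (not rbind), so there are no submounts to recurse into`. The first hunk's new `sysfs` mount sets `nosuid,nodev,noexec` while the `proc` mount after it sets none, which is worth aligning; `setup` begins and ends outside both hunks.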