if /proc is bind-mounted, make it a (recursive) slave mount so that changes to it (like unmounting) do not propagate to the outside

Thanks: Helmut Grohne
Johannes Schauer Marin Rodrigues 2023-02-10 13:26:24 +01:00
parent b18849caac
commit 8d9a94fca5
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1


@ -1461,10 +1461,22 @@ sub setup_mounts {
"$options->{root}/proc" "$options->{root}/proc"
) )
) { ) {
warning("since mounting /proc normally failed, /proc is now "
. "bind-mounted instead");
# to make sure that changes (like unmounting) to the
# bind-mounted /proc do not affect the outside /proc, change
# all the bind-mounts under /proc to be a slave mount.
if (
0 != system('mount', '--make-rslave',
"$options->{root}/proc")) {
warning("mount --make-rslave /proc failed");
}
push @cleanup_tasks, sub { push @cleanup_tasks, sub {
# since we cannot write to /etc/mtab we need --no-mtab # since we cannot write to /etc/mtab we need --no-mtab
0 == system('umount', '--no-mtab', "$options->{root}/proc") 0 == system(
or warning("umount /proc failed: $?"); 'umount', '--no-mtab',
'--lazy', "$options->{root}/proc"
) or warning("umount /proc failed: $?");
}; };
} else { } else {
error "mount /proc failed: $?"; error "mount /proc failed: $?";
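Review bot: A failed `mount --make-rslave` only produces a warning, yet the cleanup task registered right after it still runs `umount --lazy` on the bind-mounted /proc. If the mount kept shared propagation, that unmount may still propagate to the outside /proc, which is the case this change is meant to prevent. Treating the failure as fatal would be safer, e.g. `error "mount --make-rslave /proc failed: $?";`. At minimum the warning should include `$?` like the neighbouring umount and mount messages, so the exit status shows up in logs. Whether the preceding bind mount is recursive is not visible in this hunk (the commit title suggests it is), and setup_mounts begins and continues outside it.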