[Rpm-maint] [rpm-software-management/rpm] Disable private mounts in chroot'ed operation in the unshare plugin (PR #3228)
Panu Matilainen
notifications at github.com
Wed Aug 14 09:23:35 UTC 2024
That's a good question. I basically copy-pasted it from https://github.com/rpm-software-management/rpm/pull/2617, assuming this is just part of the magic incantation to make any mount changes in the scriptlet private to the scriptlet. But, isn't that what CLONE_NEWNS is about? Looking at mount(2):
    A child process created by fork(2) shares its parent's mount namespace;
    the mount namespace is preserved across an execve(2).

    A process can obtain a private mount namespace if: it was created using
    the clone(2) CLONE_NEWNS flag, in which case its new namespace is
    initialized to be a copy of the namespace of the process that called
    clone(2); or it calls unshare(2) with the CLONE_NEWNS flag, which
    causes the caller's mount namespace to obtain a private copy of the
    namespace that it was previously sharing with other processes, so that
    future mounts and unmounts by the caller are invisible to other
    processes (except child processes that the caller subsequently creates)
    and vice versa.
@jsegitz, do you remember what the deal with the / mount was?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3228#issuecomment-2288272347