From 26539c64c53c0cdfadfb84b9286a19ba9cbdd2fe Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Mon, 12 Aug 2024 23:09:40 +0200
Subject: [PATCH] linux: attempt to make rootfs private too

commit 66824320e3fe9b36e94b3f54d77779da498c6b2b introduced the regression. After that change, crun does not attempt anymore to make the rootfs directory private but starts from its parent directory, causing pivot_root to fail when the rootfs itself is a mountpoint.
Closes: https://github.com/containers/crun/issues/1514
Signed-off-by: Giuseppe Scrivano
---
 src/libcrun/linux.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c
index 390760741b..71922d20bf 100644
--- a/src/libcrun/linux.c
+++ b/src/libcrun/linux.c
@@ -2565,8 +2565,14 @@ make_parent_mount_private (const char *rootfs, libcrun_error_t *err)
 {
 int ret;
 errno = 0;
- cleanup_close int parentfd = openat (rootfsfd, "..", O_PATH | O_CLOEXEC);
+ cleanup_close int parentfd = -1;

+ get_proc_self_fd_path (proc_path, rootfsfd);
+ ret = mount (NULL, proc_path, NULL, MS_PRIVATE, NULL);
+ if (ret == 0)
+ return 0;
+
+ parentfd = openat (rootfsfd, "..", O_PATH | O_CLOEXEC);
 if (parentfd < 0)
 {
 ret = faccessat (rootfsfd, "..", X_OK, AT_EACCESS);
@@ -2574,11 +2580,6 @@ make_parent_mount_private (const char *rootfs, libcrun_error_t *err)
 return crun_make_error (err, EACCES, "make `%s` private: a component is not accessible", rootfs);
 }

- get_proc_self_fd_path (proc_path, parentfd);
- ret = mount (NULL, proc_path, NULL, MS_PRIVATE, NULL);
- if (ret == 0)
- return 0;
-
 close_and_reset (&rootfsfd);
 rootfsfd = get_and_reset (&parentfd);
 }
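Review bot: The added `ret = mount (NULL, proc_path, NULL, MS_PRIVATE, NULL);` on `rootfsfd` treats every failure as "rootfs is not a mountpoint" and falls through to `openat (rootfsfd, "..", ...)`, so an unrelated error such as EPERM is discarded and the walk may make a parent private while rootfs keeps its propagation. EINVAL is what the kernel returns for a propagation change on a path that is not a mountpoint, so a guard such as `if (errno != EINVAL) return crun_make_error (err, errno, "make rootfs private");` after the `ret == 0` check would keep the fallback for that case only; it is worth confirming that no supported setup relies on the lenient behaviour. The function is still named `make_parent_mount_private`, so a comment above the call, e.g. `/* Try rootfs itself first; it may be a mountpoint (see issue 1514). */`, would record why the rootfs is tried before its parents. The enclosing loop and the function body start and end outside the hunk, so the loop's exit condition cannot be checked from here.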