init: Use pivot_root, not chroot

[cgwalters]

See containers/bootc#203

TL;DR using chroot instead of pivot_root breaks things that want to enter the root mountns from a different mount namespace.

[rwmjones]

pivot_root can't be used, see:

supermin/init/init.c

Line 282 in c8e79b7

/* Note that pivot_root won't work. See the note in Linux

and https://www.kernel.org/doc/html/v5.10/filesystems/ramfs-rootfs-initramfs.html (search for pivot_root). I don't know if this has changed, but Linux docs suggest not.

[cgwalters]

Thanks, sorry for not reading the comment above. I'm fine to close this as WONTFIX.

BTW, I think now that Linux supports root-on-virtiofs we could basically obsolete the supermin disk image building and this code I believe?

[rwmjones]

virtiofs is quite a bit more heavyweight than some files zipped up into a cpio. It involves running a daemon at least.

BTW what actually goes wrong because we don't use pivot_root? I don't think I've encountered any problem with it before. Edit: OK I read the other bug now. This seems strange though, you'd like the new mount namespace would start from the existing root.

[cgwalters]

• chroot changes just the process view of the filesystem
• pivot_root changes the mount namespace itself

The difference becomes visible when a process in a different mount namespace wants to enter the original mountns.

[dustymabe]

Note also the use of chroot means that user namespaces can't be used:

bash-5.2# unshare -U
unshare: unshare failed: Operation not permitted

This is by design (thanks @giuseppe for the link): https://github.com/torvalds/linux/blob/41bccc98fb7931d63d03f326a746ac4d429c1dd3/kernel/user_namespace.c#L98-L107