From: Krister Johansen <kjlx@templeofstupid.com>
To: Andrei Vagin <avagin@gmail.com>
Cc: Krister Johansen <kjlx@templeofstupid.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: Possible bug: detached mounts difficult to cleanup
Date: Fri, 13 Jan 2017 15:28:20 -0800 [thread overview]
Message-ID: <20170113232820.GA3094@templeofstupid.com> (raw)
In-Reply-To: <CANaxB-zMzS-euqR1_LvZSoEsO-Y6q=_qGNTJZCKZTL5WfFF16g@mail.gmail.com>
On Thu, Jan 12, 2017 at 04:37:13PM -0800, Andrei Vagin wrote:
> On Tue, Jan 10, 2017 at 7:07 PM, Krister Johansen
> <kjlx@templeofstupid.com> wrote:
> > On Wed, Jan 11, 2017 at 03:04:22PM +1300, Eric W. Biederman wrote:
> >> Any chance you have a trivial reproducer script?
> >>
> >> From you description I don't quite see the problem. I know where to
> >> look but if could give a script that reproduces the conditions you
> >> see that would make it easier for me to dig into, and would certainly
> >> would remove ambiguity. Ideally such a script would be runnable
> >> under unshare -Urm for easy repeated testing.
> >
> > My apologies. I don't have something that fits into a shell script, but
> > I can walk you through the simplest test case that I used when I was
> > debugging this.
> >
> > Create net a ns:
> >
> > $ sudo unshare -n bash
> > # echo $$
> > 2771
> >
> > In another terminal bind mount that ns onto a file:
> >
> > # mkdir /run/testns
> > # touch /run/testns/ns1
> > # mount --bind /proc/2771/ns/net /run/testns/ns1
> >
> > Back in first terminal, create a new ns, pivot root, and umount detach:
> >
> > # exit
> > $ unshare -U -m -n --propagation slave --map-root-user bash
> > # mkdir binddir
> > # mount --bind binddir binddir
> > # cp busybox binddir
> > # mkdir binddir/old_root
> > # cd binddir
> > # pivot_root . old_root
> > # ./busybox umount -l old_root
>
> Hi,
>
> But this process still has mappings from "old_root"
> [root@fc24 busybox]# cat /proc/$$/maps
> 5607360f1000-5607361e9000 r-xp 00000000 fd:02 1176793
> /usr/bin/bash
> 5607363e8000-5607363ec000 r--p 000f7000 fd:02 1176793
> /usr/bin/bash
> 5607363ec000-5607363f5000 rw-p 000fb000 fd:02 1176793
> /usr/bin/bash
> ...
>
> You have to call "exec ./busybox sh" to release all "old_root" mounts.
> And in this case I see that a net namespace is destroyed:
>
> [root@fc24 busybox]# cat /proc/slabinfo | /bin/grep net_name
> net_namespace 5 8 6784 4 8 : tunables 0 0
> 0 : slabdata 2 2 0
> [root@fc24 busybox]# exec /bin/sh
> / # cat /proc/slabinfo | /bin/grep -- net
> net_namespace 4 8 6784 4 8 : tunables 0 0
> 0 : slabdata 2 2 0
Thanks. This seems to be the part of the puzzle that I was missing. I
went back and looked and found that the container pid 1 did have live
memory mappings to files that are mounted on the old_root. Appreciate
the nudge in the right direction.
-K
next prev parent reply other threads:[~2017-01-13 23:28 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-11 1:24 Possible bug: detached mounts difficult to cleanup Krister Johansen
[not found] ` <20170111012454.GB2497-6woCzk5+qv5TrMCiz+cRkdBPR1lH4CV8@public.gmane.org>
2017-01-11 2:04 ` Eric W. Biederman
2017-01-11 2:04 ` Eric W. Biederman
[not found] ` <87r34a5p3t.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-01-11 3:07 ` Krister Johansen
2017-01-11 3:07 ` Krister Johansen
[not found] ` <20170111030753.GC2497-6woCzk5+qv5TrMCiz+cRkdBPR1lH4CV8@public.gmane.org>
2017-01-13 0:37 ` Andrei Vagin
2017-01-13 0:37 ` Andrei Vagin
[not found] ` <CANaxB-zMzS-euqR1_LvZSoEsO-Y6q=_qGNTJZCKZTL5WfFF16g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-13 23:28 ` Krister Johansen
2017-01-13 23:28 ` Krister Johansen [this message]
2017-01-11 2:27 ` Eric W. Biederman
2017-01-11 2:27 ` Eric W. Biederman
[not found] ` <87fukqwcue.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-01-11 2:37 ` Eric W. Biederman
2017-01-11 2:37 ` Eric W. Biederman
[not found] ` <87shoqtj7z.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-01-12 6:15 ` Krister Johansen
2017-01-12 6:15 ` Krister Johansen
[not found] ` <20170112061539.GA2345-6woCzk5+qv5TrMCiz+cRkdBPR1lH4CV8@public.gmane.org>
2017-01-12 8:26 ` Eric W. Biederman
2017-01-12 8:26 ` Eric W. Biederman
[not found] ` <87r348y98z.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-01-13 23:28 ` Krister Johansen
2017-01-13 23:28 ` Krister Johansen
2017-01-11 2:51 ` Al Viro
2017-01-11 2:51 ` Al Viro
-- strict thread matches above, loose matches on Subject: below --
2017-01-11 1:24 Krister Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170113232820.GA3094@templeofstupid.com \
--to=kjlx@templeofstupid.com \
--cc=avagin@gmail.com \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.