From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: How do I make a clean mount namespace?
Date: Thu, 24 Apr 2014 03:24:57 +0100
Message-ID: <20140424022457.GV18016@ZenIV.linux.org.uk>
References: <CALCETrXE_T-3eKmVKZNkAfoyvC0CcUATDK7fGPvQrR9H=RHQag@mail.gmail.com>
 <CAFLxGvyn4q3VfRrAcjO6meZ1UJwRZ5-yeaMExGX5ogtnuAkPBQ@mail.gmail.com>
 <CALCETrUOEFwnYqKNtB3XKqsM1HNnOR9x-MXV8mjdR6ErUL3jGg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Richard Weinberger <richard.weinberger@gmail.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Linux FS Devel <linux-fsdevel@vger.kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <CALCETrUOEFwnYqKNtB3XKqsM1HNnOR9x-MXV8mjdR6ErUL3jGg@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Wed, Apr 23, 2014 at 05:54:31PM -0700, Andy Lutomirski wrote:

> This requires CAP_SYS_ADMIN and it requires that the caller is not
> chrooted.  path must be a mountpoint and flags must be zero.
> 
> It lazy-unmounts everything outside path, and it moves path to /.
> When it's done, the current process's root is '/'.  If you want to
> retain temporary access to outside things, you can keep an fd open.
> If the old root is shared, it is made private.  It's okay for path to
> be shared (I think).
> 
> If other things are already running in the current mount namespace,
> then their root directory stays the same, so they keep working, but
> they may be a little confused.
> 
> I think this could replace pivot_root for most use cases, and it could
> simplify programs like switch_root.
> 
> Thoughts?

chdir(new);
pivot_root(".", old);
umount(old, MNT_DETACH);
chroot(".");