How do I make a clean mount namespace?

How do I make a clean mount namespace?

[Andy Lutomirski]

I want to set up a little container.  So I unshare the mount namespace
and mount something somewhere (say /mnt) that I want to be my new
root.  Now what?

pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.

mounting /mnt onto / using MS_MOVE seems to succeed, but / still
points at the old root.

Am I missing a clean way to do this?  I want a way to say "make this
mountpoint be the root of the whole mount namespace and lazy-unmount
everything outside it".  If there is no straightforward way to do
that, can we add one?

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC

Re: How do I make a clean mount namespace?

[Richard Weinberger]

On Wed, Apr 23, 2014 at 12:12 AM, Andy Lutomirski <luto@amacapital.net> wrote:
> I want to set up a little container.  So I unshare the mount namespace
> and mount something somewhere (say /mnt) that I want to be my new
> root.  Now what?
>
> pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.
>
> mounting /mnt onto / using MS_MOVE seems to succeed, but / still
> points at the old root.
>
> Am I missing a clean way to do this?  I want a way to say "make this
> mountpoint be the root of the whole mount namespace and lazy-unmount
> everything outside it".  If there is no straightforward way to do
> that, can we add one?

I fear you have to read /proc/mounts and umount() everything in the
correct order.
If you find a better way, please tell. :-)

-- 
Thanks,
//richard

Re: How do I make a clean mount namespace?

[Andy Lutomirski]

On Wed, Apr 23, 2014 at 1:01 PM, Richard Weinberger
<richard.weinberger@gmail.com> wrote:
> On Wed, Apr 23, 2014 at 12:12 AM, Andy Lutomirski <luto@amacapital.net> wrote:
>> I want to set up a little container.  So I unshare the mount namespace
>> and mount something somewhere (say /mnt) that I want to be my new
>> root.  Now what?
>>
>> pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.
>>
>> mounting /mnt onto / using MS_MOVE seems to succeed, but / still
>> points at the old root.
>>
>> Am I missing a clean way to do this?  I want a way to say "make this
>> mountpoint be the root of the whole mount namespace and lazy-unmount
>> everything outside it".  If there is no straightforward way to do
>> that, can we add one?
>
> I fear you have to read /proc/mounts and umount() everything in the
> correct order.
> If you find a better way, please tell. :-)
>

How about adding a new syscall:

int change_root_mount(const char *path, unsigned long flags);

This requires CAP_SYS_ADMIN and it requires that the caller is not
chrooted.  path must be a mountpoint and flags must be zero.

It lazy-unmounts everything outside path, and it moves path to /.
When it's done, the current process's root is '/'.  If you want to
retain temporary access to outside things, you can keep an fd open.
If the old root is shared, it is made private.  It's okay for path to
be shared (I think).

If other things are already running in the current mount namespace,
then their root directory stays the same, so they keep working, but
they may be a little confused.

I think this could replace pivot_root for most use cases, and it could
simplify programs like switch_root.

Thoughts?

--Andy

Re: How do I make a clean mount namespace?

[Al Viro]

On Wed, Apr 23, 2014 at 05:54:31PM -0700, Andy Lutomirski wrote:

> This requires CAP_SYS_ADMIN and it requires that the caller is not
> chrooted.  path must be a mountpoint and flags must be zero.
> 
> It lazy-unmounts everything outside path, and it moves path to /.
> When it's done, the current process's root is '/'.  If you want to
> retain temporary access to outside things, you can keep an fd open.
> If the old root is shared, it is made private.  It's okay for path to
> be shared (I think).
> 
> If other things are already running in the current mount namespace,
> then their root directory stays the same, so they keep working, but
> they may be a little confused.
> 
> I think this could replace pivot_root for most use cases, and it could
> simplify programs like switch_root.
> 
> Thoughts?

chdir(new);
pivot_root(".", old);
umount(old, MNT_DETACH);
chroot(".");

Re: How do I make a clean mount namespace?

[Al Viro]

On Tue, Apr 22, 2014 at 03:12:11PM -0700, Andy Lutomirski wrote:
> I want to set up a little container.  So I unshare the mount namespace
> and mount something somewhere (say /mnt) that I want to be my new
> root.  Now what?
> 
> pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.

RTFM.  Literally - man 2 pivot_root and look for the only place where
it mentions EBUSY.

If you get that error, check what you've got in /proc/mounts (in the
namespace your process is in, obviously) just before the syscall.
With these arguments you really want /mnt to be a mountpoint.  If your
new root really lives on the same fs as the old one, just do
mount --bind /mnt /mnt before any other mounts.

Re: How do I make a clean mount namespace?

[Andy Lutomirski]

On Wed, Apr 23, 2014 at 7:39 PM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> On Tue, Apr 22, 2014 at 03:12:11PM -0700, Andy Lutomirski wrote:
>> I want to set up a little container.  So I unshare the mount namespace
>> and mount something somewhere (say /mnt) that I want to be my new
>> root.  Now what?
>>
>> pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.
>
> RTFM.  Literally - man 2 pivot_root and look for the only place where
> it mentions EBUSY.
>
> If you get that error, check what you've got in /proc/mounts (in the
> namespace your process is in, obviously) just before the syscall.
> With these arguments you really want /mnt to be a mountpoint.  If your
> new root really lives on the same fs as the old one, just do
> mount --bind /mnt /mnt before any other mounts.

Wow -- thanks!  I read that part, but I'm apparently bad at following
directions.

Should I expect things to work if I unshare mounts but don't do a
mount --make-rprivate / before the pivot_rot?

--Andy