[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190805103630.tu4kytsbi5evfrhi@mikami>
Date: Mon, 5 Aug 2019 20:36:30 +1000
From: Aleksa Sarai <asarai@...e.de>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
Cc: "Serge E. Hallyn" <serge@...lyn.com>,
linux-man <linux-man@...r.kernel.org>,
Containers <containers@...ts.linux-foundation.org>,
lkml <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
Jordan Ogas <jogas@...l.gov>, Al Viro <viro@....linux.org.uk>
Subject: Re: pivot_root(".", ".") and the fchdir() dance
On 2019-08-01, Michael Kerrisk (man-pages) <mtk.manpages@...il.com> wrote:
> I'd like to add some documentation about the pivot_root(".", ".")
> idea, but I have a doubt/question. In the lxc_pivot_root() code we
> have these steps
>
> oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
> newroot = open(rootfs, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
>
> fchdir(newroot);
> pivot_root(".", ".");
>
> fchdir(oldroot); // ****
This one is "required" because (as the pivot_root(2) man page states),
it's technically not guaranteed by the kernel that the process's cwd
will be the same after pivot_root(2):
> pivot_root() may or may not change the current root and the current
> working directory of any processes or threads which use the old root
> directory.
Now, if it turns out that we can rely on the current behaviour (and the
man page you're improving is actually inaccurate on this point) then
you're right that this fchdir(2) isn't required.
> mount("", ".", "", MS_SLAVE | MS_REC, NULL);
> umount2(".", MNT_DETACH);
> fchdir(newroot); // ****
And this one is required because we are in @oldroot at this point, due
to the first fchdir(2). If we don't have the first one, then switching
from "." to "/" in the mount/umount2 calls should fix the issue.
We do something very similar to this in runc as well[1] (though, as the
commit message says, I "borrowed" the idea from LXC).
[1]: https://github.com/opencontainers/runc/commit/f8e6b5af5e120ab7599885bd13a932d970ccc748
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists