[systemd-devel] avoid unmounts in unprivileged containers
Lennart Poettering
lennart at poettering.net
Mon Mar 1 21:29:55 UTC 2021
On Sa, 27.02.21 11:28, Rodny Molina (rodnymolina at gmail.com) wrote:
> Thanks for your detailed answer / explanation Lennart, it's fully
> consistent with my code-browsing findings.
>
> I've been struggling myself with the problem that you alluded above to
> identify "foreign" mountpoints. After banging my head against the wall for
> a while I ended up implementing a heuristic based on the
> major:minor-number field of the /proc/pid/mountinfo file: if the container
> mountpoint being considered has a major:minor-id that matches those
> major:minor-ids present in the host mount namespace, then this one is
> likely a "foreign" mountpoint, and shouldn't be unmounted.
Not sure I follow. We'd need this from inside the container, so that
we don't even try to unmount the file system. But from "inside" we
have no outside to the host mount namespace...
Lennart
--
Lennart Poettering, Berlin
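
The major:minor heuristic from the quoted message, written out as an added example; it is not part of the original thread and is not systemd's or either poster's code. It assumes both mountinfo dumps are readable by one process, as they would be on the host side; the sample data and the names `parse_mountinfo` and `foreign_mounts` are constructed for illustration.

```python
import re
from typing import NamedTuple

class Mount(NamedTuple):
    dev: str          # "major:minor" of the backing superblock
    mount_point: str  # path as seen inside that mount namespace
    fstype: str

def _unescape(path: str) -> str:
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def parse_mountinfo(text: str) -> list[Mount]:
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # blank or truncated line
        # Optional fields (shared:N, master:N, ...) vary in number; a lone "-" ends them.
        sep = fields.index("-", 6)
        mounts.append(Mount(fields[2], _unescape(fields[4]), fields[sep + 1]))
    return mounts

def foreign_mounts(container_info: str, host_info: str) -> list[str]:
    """Container mount points whose major:minor also appears in the host namespace."""
    host_devs = {m.dev for m in parse_mountinfo(host_info)}
    return [m.mount_point for m in parse_mountinfo(container_info) if m.dev in host_devs]

# Constructed sample of the host's /proc/self/mountinfo (raw string keeps \040 literal).
HOST = r"""
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid shared:2 - proc proc rw
24 22 0:45 / /var/lib/my\040data rw shared:3 - tmpfs tmpfs rw
"""

# Constructed sample of /proc/<pid>/mountinfo for a process inside the container.
CONTAINER = r"""
500 400 0:60 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
501 500 0:61 / /proc rw,nosuid - proc proc rw
502 500 8:1 /etc/resolv.conf /etc/resolv.conf ro - ext4 /dev/sda1 rw
503 500 0:45 / /mnt/my\040data rw master:3 - tmpfs tmpfs rw
504 500 0:62 / /tmp rw - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    for path in foreign_mounts(CONTAINER, HOST):
        print("likely foreign, skip unmount:", path)
```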