Noamiko Noamiko - 1 year ago 91
Linux Question

Creating a process in Linux with a different mount namespace

I'm trying to create a process that has a different mnt namespace from its parent.

For that, I use the following code:

    #define _GNU_SOURCE
    #include <sched.h>
    #include <signal.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/mount.h>
    #include <sys/wait.h>

    /* Error-exit helper; not in the posted snippet, added so the code compiles */
    #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0)

    static int childFunc(void *arg)
    {
        /* Mount a sysfs instance at /myfs from inside the child's mount namespace */
        if (mount("/", "/myfs", "sysfs", 0, NULL) == -1)
            errExit("mount");

        printf("Starting new bash. Child PID is %d\n", getpid());
        /* The exec call is missing from the posted snippet; added because the
           question says a bash shell is started */
        execlp("bash", "bash", (char *) NULL);
        printf("Shouldn't arrive here.\n");
        return 0; /* Child terminates now */
    }

    #define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */

    int main(int argc, char *argv[])
    {
        char *stack;    /* Start of stack buffer */
        char *stackTop; /* End of stack buffer */
        pid_t pid;

        /* Allocate stack for child */
        stack = malloc(STACK_SIZE);
        if (stack == NULL)
            errExit("malloc");
        stackTop = stack + STACK_SIZE; /* Assume stack grows downward */

        /* Create child that has its own MNT namespace */
        pid = clone(childFunc, stackTop, CLONE_NEWNS | SIGCHLD, argv[1]);
        if (pid == -1)
            errExit("clone");
        printf("clone() returned %ld\n", (long) pid);

        if (waitpid(pid, NULL, 0) == -1) /* Wait for child */
            errExit("waitpid");
        printf("child has terminated\n");

        exit(EXIT_SUCCESS);
    }

When running it, I do get a bash shell, running in a different MNT namespace.
In order to verify it, I execute in another shell

    sudo ls -l /proc/<child_pid>/ns

and I indeed see that the child process has a different namespace from the rest of the processes in the system.

However, if I execute
from both of the shells, I get the same FSTAB output, and the line

    myfs on /myfs type sysfs (rw,relatime)

appears in both of them.

What is the explanation for that?

Answer Source

You need to mark the existing mounts as "private" before creating the new namespace:

    mount --make-rprivate /
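As an added example (not code from the question or the answer), a small C program that shows why the answer works: it parses /proc/self/mountinfo to report which mounts are in a shared peer group (the optional "shared:N" field, see proc(5)), and, when run as root, first enters a fresh mount namespace and applies the C equivalent of `mount --make-rprivate /` so that nothing stays shared. The function names `mountinfo_line_is_shared` and `make_mounts_private` are this example's own.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>

/* 1 if a /proc/self/mountinfo line carries a "shared:N" optional field (mount events
 * propagate to its peer group), 0 if not, -1 if malformed; layout per proc(5). */
int mountinfo_line_is_shared(const char *line)
{
    const char *sep = strstr(line, " - ");   /* ends the optional fields */
    const char *p = line;
    if (sep == NULL)
        return -1;
    for (int i = 0; i < 6; i++) {            /* skip the six mandatory fields */
        if ((p = strchr(p, ' ')) == NULL || p > sep)
            return -1;
        p++;
    }
    for (; p < sep; p = strchr(p, ' ') + 1)  /* walk the optional fields up to " - " */
        if (strncmp(p, "shared:", 7) == 0)
            return 1;
    return 0;
}

/* C equivalent of the answer's `mount --make-rprivate /`: detach every mount under /
 * from its peer group, so mounts made afterwards stay in this namespace only. */
int make_mounts_private(void)
{
    return mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

/* Root: enter a fresh mount namespace, make it private, then list propagation state
 * (no SHARED lines).  Non-root: list the current namespace, where / is often SHARED. */
int main(void)
{
    char line[4096];
    FILE *f;
    if (geteuid() == 0 && (unshare(CLONE_NEWNS) == -1 || make_mounts_private() == -1)) {
        perror("unshare/make_mounts_private"); return 1;
    }
    if ((f = fopen("/proc/self/mountinfo", "r")) == NULL) {
        perror("fopen"); return 1;
    }
    while (fgets(line, sizeof line, f) != NULL)
        printf("%s %s", mountinfo_line_is_shared(line) == 1 ? "SHARED " : "private", line);
    fclose(f);
    return 0;
}
```

On a systemd-booted host the unprivileged run normally lists "/" as SHARED, which is exactly the state in which a mount made inside a child mount namespace propagates back to the parent and shows up in both shells.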