Noamiko - 11 months ago
Linux Question

Creating a process in Linux with a different mount namespace

I'm trying to create a process that has a different mnt namespace from its parent.

For that, I use the following code:

#define _GNU_SOURCE          /* clone(2) and CLONE_NEWNS need this on glibc */
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

static int childFunc(void *arg){
    (void) arg;                         /* argv[1] is passed in but not used */
    if (mount("/", "/myfs", "sysfs", 0, NULL) == -1) {
        perror("mount");
        exit(EXIT_FAILURE);
    }
    printf("Starting new bash. Child PID is %d\n", getpid());
    execlp("bash", "bash", (char *) NULL);   /* replace the child with a shell */
    printf("Shouldn't arrive here.\n");      /* only reached if exec failed */
    return 0; /* Child terminates now */
}

#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */

int main(int argc, char *argv[]){
    char *stack; /* Start of stack buffer */
    char *stackTop; /* End of stack buffer */
    pid_t pid;

    /* Allocate stack for child */
    stack = malloc(STACK_SIZE);
    if (stack == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    stackTop = stack + STACK_SIZE; /* Assume stack grows downward */

    /* Create child that has its own MNT namespace */
    pid = clone(childFunc, stackTop, CLONE_NEWNS | SIGCHLD, argv[1]);
    if (pid == -1) {
        perror("clone");
        exit(EXIT_FAILURE);
    }
    printf("clone() returned %ld\n", (long) pid);

    if (waitpid(pid, NULL, 0) == -1) { /* Wait for child */
        perror("waitpid");
        exit(EXIT_FAILURE);
    }
    printf("child has terminated\n");
    return 0;
}

When running it, I do get a bash shell, running in a different MNT namespace.
In order to verify it, I execute sudo ls -l /proc/<child_pid>/ns in another shell, and I indeed see that the child process has a different namespace from the rest of the processes in the system.

However, if I execute
from both of the shells - I get the same FSTAB output, and the line
myfs on /myfs type sysfs (rw,relatime)
appears in both of them.

What is the explanation for that?


You need to mark the existing mounts as "private" before creating the new namespace:

mount --make-rprivate /
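An added example (not the asker's code and not the answer's own commands) that applies the answer's fix from inside the new namespace, which is what unshare(1) does by default: after entering the namespace it performs the mount(2) equivalent of mount --make-rprivate / (MS_REC | MS_PRIVATE on "/"), then mounts sysfs on a directory and checks /proc/self/mountinfo in both processes. The reason the original program leaks its mount is that on systemd-based systems "/" is a shared mount, so the copies made by CLONE_NEWNS stay in the same peer group and mount events propagate between the two namespaces until the copies are made private. The helper functions (mountinfo_is_shared, mountinfo_has_mount_point, lookup_mount), the path /tmp/myfs and the use of fork() plus the raw unshare(2) syscall instead of clone() are this example's own choices; the namespace part needs Linux and root.

```c
/* Added example: create a mount namespace, make it private, then prove
 * that a mount inside it is not visible to the parent. Needs root and an
 * existing directory at MOUNT_POINT (an assumed path). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1            /* CLONE_NEWNS in <sched.h> on glibc */
#endif
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000   /* the kernel's value, if <sched.h> hid it */
#endif

#define MOUNT_POINT "/tmp/myfs"  /* assumption: this directory exists */

/* /proc/self/mountinfo line layout (proc(5)), space separated:
 *  1 mount ID  2 parent ID  3 major:minor  4 root  5 mount point
 *  6 mount options  7.. optional fields (shared:N, master:N, ...)
 *  then a lone "-", then fs type, source and super options. */

/* Return 1 if the line describes a mount that is in a shared peer group. */
int mountinfo_is_shared(const char *line)
{
    char buf[4096], *save, *tok;
    int field = 0;

    snprintf(buf, sizeof buf, "%s", line);
    for (tok = strtok_r(buf, " \n", &save); tok; tok = strtok_r(NULL, " \n", &save)) {
        if (++field < 7)
            continue;                    /* skip up to the mount options */
        if (strcmp(tok, "-") == 0)
            break;                       /* end of the optional fields */
        if (strncmp(tok, "shared:", 7) == 0)
            return 1;
    }
    return 0;
}

/* Return 1 if the line's mount point (field 5) is exactly mnt. */
int mountinfo_has_mount_point(const char *line, const char *mnt)
{
    char buf[4096], *save, *tok;
    int field = 0;

    snprintf(buf, sizeof buf, "%s", line);
    for (tok = strtok_r(buf, " \n", &save); tok; tok = strtok_r(NULL, " \n", &save))
        if (++field == 5)
            return strcmp(tok, mnt) == 0;
    return 0;
}

/* Look mnt up in this process's mount namespace: 1 if mounted (and, when
 * shared != NULL, whether that mount is shared), 0 if absent, -1 on error. */
int lookup_mount(const char *mnt, int *shared)
{
    char line[4096];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    int found = 0;

    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL) {
        if (mountinfo_has_mount_point(line, mnt)) {
            found = 1;
            if (shared != NULL)
                *shared = mountinfo_is_shared(line);
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    int shared = 0;
    pid_t pid;

    lookup_mount("/", &shared);
    printf("parent: / is %s\n", shared ? "shared (mounts would propagate)" : "private");

    pid = fork();
    if (pid == -1) { perror("fork"); return 1; }
    if (pid == 0) {
        /* Same effect as CLONE_NEWNS on clone(2): a copy of the parent's mounts. */
        if (syscall(SYS_unshare, CLONE_NEWNS) == -1) { perror("unshare"); _exit(1); }
        /* The fix: make every copied mount private, i.e. mount --make-rprivate /,
         * so the copies leave their shared peer groups before we mount anything. */
        if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) { perror("make-rprivate"); _exit(1); }
        if (mount("myfs", MOUNT_POINT, "sysfs", 0, NULL) == -1) { perror("mount sysfs"); _exit(1); }
        lookup_mount("/", &shared);
        printf("child: / is now %s; %s mounted: %d\n",
               shared ? "shared" : "private", MOUNT_POINT, lookup_mount(MOUNT_POINT, NULL));
        _exit(0);
    }
    if (waitpid(pid, NULL, 0) == -1) { perror("waitpid"); return 1; }
    /* Expect 0 here: the sysfs mount stayed inside the child's namespace. */
    printf("parent: %s mounted: %d\n", MOUNT_POINT, lookup_mount(MOUNT_POINT, NULL));
    return 0;
}
```

Run it as root after mkdir /tmp/myfs: the parent's last line should report the mount as absent, while the child reports it present and "/" private. Drop the MS_REC | MS_PRIVATE call on a system whose "/" is shared and the sysfs mount shows up in the parent as well, which is exactly the symptom in the question; the shared:N tag in /proc/self/mountinfo is the quickest way to tell which case you are in.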