author | Andrei Vagin <avagin@google.com> | 2019-01-31 15:17:50 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-01-31 15:19:04 -0800 |
commit | 4e695adcd0c739101c3d50431ca18b1b911c9238 (patch) | |
tree | 2eb6bd3696011463e521adea2da10978dde59a95 /runsc/cmd/chroot.go | |
parent | 88b4ce8cac9c438da472205e0e710dd75e73b050 (diff) |
gvisor/gofer: Use pivot_root instead of chroot
PiperOrigin-RevId: 231864273
Change-Id: I8545b72b615f5c2945df374b801b80be64ec3e13
Diffstat (limited to 'runsc/cmd/chroot.go')
-rw-r--r-- | runsc/cmd/chroot.go | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/runsc/cmd/chroot.go b/runsc/cmd/chroot.go
index c1acbf26b..ed1dafef1 100644
--- a/runsc/cmd/chroot.go
+++ b/runsc/cmd/chroot.go
@@ -36,6 +36,29 @@ func mountInChroot(chroot, src, dst, typ string, flags uint32) error {
 return nil
 }

+func pivotRoot(root string) error {
+ if err := os.Chdir(root); err != nil {
+ return fmt.Errorf("error changing working directory: %v", err)
+ }
+ // pivot_root(new_root, put_old) moves the root filesystem (old_root)
+ // of the calling process to the directory put_old and makes new_root
+ // the new root filesystem of the calling process.
+ //
+ // pivot_root(".", ".") makes a mount of the working directory the new
+ // root filesystem, so it will be moved in "/" and then the old_root
+ // will be moved to "/" too. The parent mount of the old_root will be
+ // new_root, so after umounting the old_root, we will see only
+ // the new_root in "/".
+ if err := syscall.PivotRoot(".", "."); err != nil {
+ return fmt.Errorf("error changing root filesystem: %v", err)
+ }
+
+ if err := syscall.Unmount(".", syscall.MNT_DETACH); err != nil {
+ return fmt.Errorf("error umounting the old root file system: %v", err)
+ }
+ return nil
+}
+
 // setUpChroot creates an empty directory with runsc mounted at /runsc and proc
 // mounted at /proc.
 func setUpChroot(pidns bool) error {
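Review bot: `pivotRoot` has no doc comment, and its preconditions are only implicit in the in-body comment: pivot_root(2) requires `root` to be a mount point, and the `"."`/`"."` form only works because of the `os.Chdir(root)` that precedes it. I would add above the function `// pivotRoot makes root the root filesystem of the calling process and detaches the old root. root must be a mount point.` The comment should also say that a non-nil return can leave the old root still mounted, namely when `Unmount` fails after `PivotRoot` has succeeded, so callers must treat any error as fatal rather than continue with a half-applied root. The second hunk's `return pivotRoot(chroot)` does propagate the error, which is the behaviour the comment should make explicit for future callers.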
@@ -66,29 +89,9 @@ func setUpChroot(pidns bool) error {
 }
 }

- if err := os.Chdir(chroot); err != nil {
- return fmt.Errorf("error changing working directory: %v", err)
- }
-
 if err := syscall.Mount("", chroot, "", syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_BIND, ""); err != nil {
 return fmt.Errorf("error remounting chroot in read-only: %v", err)
 }

- // pivot_root(new_root, put_old) moves the root filesystem (old_root)
- // of the calling process to the directory put_old and makes new_root
- // the new root filesystem of the calling process.
- //
- // pivot_root(".", ".") makes a mount of the working directory the new
- // root filesystem, so it will be moved in "/" and then the old_root
- // will be moved to "/" too. The parent mount of the old_root will be
- // new_root, so after umounting the old_root, we will see only
- // the new_root in "/".
- if err := syscall.PivotRoot(".", "."); err != nil {
- return fmt.Errorf("error changing root filesystem: %v", err)
- }
- if err := syscall.Unmount(".", syscall.MNT_DETACH); err != nil {
- return fmt.Errorf("error umounting the old root file system: %v", err)
- }
-
- return nil
+ return pivotRoot(chroot)
 }
|