If we're not root, our mounts in private userns won't get pushed
back anyway. If we are root, we need to make sure that anything
the template does gets cleaned up.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
- if (strcmp(bdev->type, "dir") != 0) {
if (unshare(CLONE_NEWNS) < 0) {
ERROR("error unsharing mounts");
exit(1);
}
if (unshare(CLONE_NEWNS) < 0) {
ERROR("error unsharing mounts");
exit(1);
}
+ if (detect_shared_rootfs()) {
+ if (mount("", "", NULL, MS_SLAVE|MS_REC, 0)) {
+ SYSERROR("Failed to make / rslave to run template");
+ ERROR("Continuing...");
+ }
+ }
+ }
+ if (strcmp(bdev->type, "dir") != 0) {
+ if (geteuid() != 0) {
+ ERROR("non-root users can only create directory-backed containers");
+ exit(1);
+ }
if (bdev->ops->mount(bdev) < 0) {
ERROR("Error mounting rootfs");
exit(1);
if (bdev->ops->mount(bdev) < 0) {
ERROR("Error mounting rootfs");
exit(1);
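Review bot: The added `mount("", "", NULL, MS_SLAVE|MS_REC, 0)` passes an empty string as the target, and on Linux an empty pathname should fail lookup (ENOENT) instead of resolving to `/`, so the rslave change named in the error message would never be applied. Because the failure branch only logs `ERROR("Continuing...")`, the template would then run with the rootfs still shared, and its mounts could propagate back to the host namespace, which is the case the commit message sets out to clean up for root. I would write `if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {`, and when `geteuid() == 0` treat a failure as fatal with `exit(1);` instead of continuing. The enclosing function starts and ends outside the hunk, so I cannot confirm how `detect_shared_rootfs()` decides or whether a later step re-checks propagation.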