conf: ensure that procfs and sysfs are unmounted

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index bdf7474763904550a6a3c302a35dacb875421c02..445462f0c4751a0c71f21e3ae39527ee10bfb943 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -613,6 +613,15 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
         bool has_cap_net_admin;
 
         if (flags & LXC_AUTO_PROC_MASK) {
+               ret = strnprintf(rootfs->buf, sizeof(rootfs->buf), "%s/proc",
+                                rootfs->path ? rootfs->mount : "");
+               if (ret < 0)
+                       return ret_errno(EIO);
+
+               ret = umount2(rootfs->buf, MNT_DETACH);
+               if (ret)
+                       SYSDEBUG("Tried to ensure procfs is unmounted");
+
                ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
                if (ret < 0 && errno != EEXIST)
                        return log_error_errno(-errno, errno,
@@ -620,6 +629,15 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
        }
 
        if (flags & LXC_AUTO_SYS_MASK) {
+               ret = strnprintf(rootfs->buf, sizeof(rootfs->buf), "%s/sys",
+                                rootfs->path ? rootfs->mount : "");
+               if (ret < 0)
+                       return ret_errno(EIO);
+
+               ret = umount2(rootfs->buf, MNT_DETACH);
+               if (ret)
+                       SYSDEBUG("Tried to ensure sysfs is unmounted");
+
                ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
                if (ret < 0 && errno != EEXIST)
                        return log_error_errno(-errno, errno,