From a257a8eedcdd48034880fbe5def1d5b809d8a16e Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Thu, 2 Nov 2017 13:26:36 +0100
Subject: [PATCH] bindings: record mount namespace

This will allows us to attach to the mount namespace in case we need to debug or perform some action on update.

Signed-off-by: Christian Brauner
---
 bindings.c | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/bindings.c b/bindings.c
index fe521a3..885eb64 100644
--- a/bindings.c
+++ b/bindings.c
@@ -139,6 +139,7 @@ static char **hierarchies;
 * another namespace using the *at() family of functions
 * {openat(), fchownat(), ...}. */
 static int *fd_hierarchies;
+static int cgroup_mount_ns_fd = -1;
 
 static void unlock_mutex(pthread_mutex_t *l)
 {
@@ -421,6 +422,7 @@ static void print_subsystems(void)
 {
 int i;
 
+ fprintf(stderr, "mount namespace: %d\n", cgroup_mount_ns_fd);
 fprintf(stderr, "hierarchies:\n");
 for (i = 0; i < num_hierarchies; i++) {
 if (hierarchies[i])
@@ -4477,6 +4479,19 @@ static bool permute_root(void)
 return true;
 }
 
+static int preserve_mnt_ns(int pid)
+{
+ int ret;
+ size_t len = sizeof("/proc/") + 21 + sizeof("/ns/mnt");
+ char path[len];
+
+ ret = snprintf(path, len, "/proc/%d/ns/mnt", pid);
+ if (ret < 0 || (size_t)ret >= len)
+ return -1;
+
+ return open(path, O_RDONLY | O_CLOEXEC);
+}
+
 static bool cgfs_prepare_mounts(void)
 {
 if (!mkdir_p(BASEDIR, 0700)) {
@@ -4494,6 +4509,12 @@ static bool cgfs_prepare_mounts(void)
 return false;
 }
 
+ cgroup_mount_ns_fd = preserve_mnt_ns(getpid());
+ if (cgroup_mount_ns_fd < 0) {
+ lxcfs_error("Failed to preserve mount namespace: %s.\n", strerror(errno));
+ return false;
+ }
+
 if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) {
 lxcfs_error("Failed to remount / private: %s.\n", strerror(errno));
 return false;
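Review bot: `cgroup_mount_ns_fd` is declared without a comment, although it is a descriptor that is opened in cgfs_prepare_mounts and only closed in the free_subsystems destructor, so it stays open for the life of the process. A line above the declaration such as `/* fd of the mount namespace recorded in cgfs_prepare_mounts(); closed in free_subsystems() */` would state who owns it. It would also keep it distinct from the `init_ns` descriptor that collect_and_mount_subsystems obtains through the same helper.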
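Review bot: preserve_mnt_ns() can return -1 without setting errno, because the `ret < 0 || (size_t)ret >= len` branch returns before open() is reached. The new caller in cgfs_prepare_mounts (the @@ -4494 hunk) reports the failure with `strerror(errno)`, so on that path it could print an unrelated, stale error. Adding `errno = ENAMETOOLONG;` before that `return -1;` would keep the message meaningful. As a style point, `char path[len]` is a variable-length array since `len` is a runtime `size_t`; declaring `char path[sizeof("/proc/") + 21 + sizeof("/ns/mnt")];` and passing `sizeof(path)` to snprintf would give a fixed-size buffer.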
@@ -4567,19 +4588,6 @@ static bool cgfs_setup_controllers(void)
 return true;
 }
 
-static int preserve_ns(int pid)
-{
- int ret;
- size_t len = 5 /* /proc */ + 21 /* /int_as_str */ + 7 /* /ns/mnt */ + 1 /* \0 */;
- char path[len];
-
- ret = snprintf(path, len, "/proc/%d/ns/mnt", pid);
- if (ret < 0 || (size_t)ret >= len)
- return -1;
-
- return open(path, O_RDONLY | O_CLOEXEC);
-}
-
 static void __attribute__((constructor)) collect_and_mount_subsystems(void)
 {
 FILE *f;
@@ -4623,7 +4631,7 @@ static void __attribute__((constructor)) collect_and_mount_subsystems(void)
 }
 
 /* Preserve initial namespace. */
- init_ns = preserve_ns(getpid());
+ init_ns = preserve_mnt_ns(getpid());
 if (init_ns < 0) {
 lxcfs_error("%s\n", "Failed to preserve initial mount namespace.");
 goto out;
@@ -4680,4 +4688,7 @@ static void __attribute__((destructor)) free_subsystems(void)
 }
 free(hierarchies);
 free(fd_hierarchies);
+
+ if (cgroup_mount_ns_fd >= 0)
+ close(cgroup_mount_ns_fd);
 }
-- 
2.39.2