tailhook / unshare

The low-level Linux containers creation library for Rust
Apache License 2.0

pivot_root fails with user namespace used #14

Open magicyuli opened 5 years ago

magicyuli commented 5 years ago

pivot_root succeeds if a user namespace is not used, but fails with EINVAL (os error 22) when one is. Bind mounting the new_root to itself solves it. I think that's a hack used by the Go example as well. Maybe the CloneCb should include this logic?

Environment: Xenial 4.9.125-linuxkit #1 SMP Fri Sep 7 08:20:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

magicyuli commented 5 years ago

Or add an after_clone callback? There's currently a before_exec callback, which is called right before execve.

tailhook commented 5 years ago

Hi!

I'm not sure it's because of the user namespace. Isn't it because pivot_root requires both things to be mountpoints, not mere directories?

I'm all for adding documentation describing the issue. But I don't think this should be done always. Adding a convenience method may be okay, though.

magicyuli commented 5 years ago

Thanks for the prompt response!

Yeah, I did make sure the new_root was a mount point, and put_old had nothing mounted to it, and was under new_root. Without using the user namespace it works without any problem, and that's why I think user namespace plays a part here.
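The workaround from the first comment (bind-mount new_root onto itself, then pivot_root), written out as an added C example; it is not code from the unshare crate or from this thread. The helper name `enter_new_root` is an assumption, and it uses the `pivot_root(".", ".")` form described in pivot_root(2) instead of a separate put_old directory.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper (the name is an assumption). Call it inside the new
 * mount namespace, after clone/unshare and before execve.
 * Returns 0 on success, -1 with errno set by the failing call. */
int enter_new_root(const char *new_root)
{
    /* The workaround: bind-mount new_root onto itself so that it is a
     * mount point created in this mount namespace. MS_REC carries any
     * submounts below new_root along with it. */
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) != 0)
        return -1;
    if (chdir(new_root) != 0)
        return -1;
    /* glibc has no pivot_root wrapper, so use the raw syscall. With both
     * arguments ".", the old root is stacked at the same path as the new
     * root (see pivot_root(2)), so no put_old directory is needed. */
    if (syscall(SYS_pivot_root, ".", ".") != 0)
        return -1;
    /* Lazily detach the old root so it is no longer reachable. */
    if (umount2(".", MNT_DETACH) != 0)
        return -1;
    return chdir("/");
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s NEW_ROOT\n", argv[0]);
        return 2;
    }
    /* Same setup as in the report: new user namespace plus mount namespace. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) {
        perror("unshare");
        return 1;
    }
    if (enter_new_root(argv[1]) != 0) {
        perror("enter_new_root");
        return 1;
    }
    puts("pivot_root succeeded");
    return 0;
}
```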