pivot_root(".", ".") and the fchdir() dance

[Aleksa Sarai]

On 2019-08-01, Michael Kerrisk (man-pages) <mtk.manpages at gmail.com> wrote:
> I'd like to add some documentation about the pivot_root(".", ".")
> idea, but I have a doubt/question. In the lxc_pivot_root() code we
> have these steps
> 
>         oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
>         newroot = open(rootfs, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
> 
>         fchdir(newroot);
>         pivot_root(".", ".");
> 
>         fchdir(oldroot);      // ****

This one is "required" because (as the pivot_root(2) man page states),
it's technically not guaranteed by the kernel that the process's cwd
will be the same after pivot_root(2):

> pivot_root() may or may not change the current root and the current
> working directory of any processes or threads which use the old root
> directory.

Now, if it turns out that we can rely on the current behaviour (and the
man page you're improving is actually inaccurate on this point) then
you're right that this fchdir(2) isn't required.

>         mount("", ".", "", MS_SLAVE | MS_REC, NULL);
>         umount2(".", MNT_DETACH);

>         fchdir(newroot);      // ****

And this one is required because we are in @oldroot at this point, due
to the first fchdir(2). If we don't have the first one, then switching
from "." to "/" in the mount/umount2 calls should fix the issue.

We do something very similar to this in runc as well[1] (though, as the
commit message says, I "borrowed" the idea from LXC).

[1]: https://github.com/opencontainers/runc/commit/f8e6b5af5e120ab7599885bd13a932d970ccc748

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/containers/attachments/20190805/f6598d7b/attachment.sig>