# configuration file named on the command line.
# See "man overlay-boot" for details.
+set -x
PROGRAMDIR="$(dirname $(realpath $0))"
. $PROGRAMDIR/functions
subhost_config
setup_veth_cables $NAME $CABLES
setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK"
+setup_cgroup2_accounting "$NAME" "$$"
exithandler() {
ip netns del $NAME
}
trap "exithandler" 0
-CMD="unshare -fp --mount-proc -i -u ip netns exec $NAME chroot $LIVE /bin/sh"
-echo "$CMD"
-env CONFIG="$CONFIG" $INIT | $CMD
-echo "EXITED $CMD"
+# This process has an unshared mount namespace, so we unmount almost
+# everything before chroot. Exceptions are: $LIVE and anything mounted
+# below that, "/run/netns/$NAME" and its parent paths (incidentally
+# including "/" as well) and "/proc".
+sort -rk2,2 < /proc/mounts | while read D P A2 ; do
+ beginswith "$P" "$LIVE" && continue
+ beginswith "/run/netns/$NAME" "$P" && continue
+ [ "$P" = /proc ] && continue
+ umount "$P"
+done
+
+echo "Starting $NAME"
+env CONFIG="$CONFIG" $INIT | \
+ unshare -fp --mount-proc -i -u \
+ ip netns exec $NAME chroot $LIVE /bin/sh
+echo "Exited $NAME"
projects / rrq / overlay-boot.git / blobdiff