X-Git-Url: https://git.rrq.au/?a=blobdiff_plain;f=overlay-boot;h=899d53ba25f3f9310041462df7d84ce06d9a3307;hb=refs%2Fheads%2Fdebian;hp=d635da4347739db34020cd6856382d5c6f7827f9;hpb=7f766756c6d328a4a8d57a274a215f67376af68d;p=rrq%2Foverlay-boot.git
diff --git a/overlay-boot b/overlay-boot
index d635da4..899d53b 100755
--- a/overlay-boot
+++ b/overlay-boot
@@ -4,6 +4,7 @@
 # configuration file named on the command line.
 # See "man overlay-boot" for details.
 
+set -x
 PROGRAMDIR="$(dirname $(realpath $0))"
 . $PROGRAMDIR/functions
 
@@ -22,6 +23,7 @@ fi
 subhost_config
 setup_veth_cables $NAME $CABLES
 setup_overlay "$NAME" "$LIVE" "$LOWER" "$UPPER" "$WORK"
+setup_cgroup2_accounting "$NAME" "$$"
 
 exithandler() {
 ip netns del $NAME
@@ -29,7 +31,20 @@ exithandler() {
 }
 trap "exithandler" 0
 
-CMD="unshare -fp --mount-proc -i -u ip netns exec $NAME chroot $LIVE /bin/sh"
-echo "$CMD"
-env CONFIG="$CONFIG" $INIT | $CMD
-echo "EXITED $CMD"
+# This process has an unshared mount namespace, so we unmount almost
+# everything before chroot. Exceptions are: $LIVE and anything mounted
+# below that, "/run/netns/$NAME" and its parent paths (incidentally
+# including "/" as well) and "/proc".
+sort -rk2,2 < /proc/mounts | while read D P A2 ; do
+ beginswith "$P" "$LIVE" && continue
+ beginswith "$P" "$(realpath $LIVE)" && continue
+ beginswith "/run/netns/$NAME" "$P" && continue
+ [ "$P" = /proc ] && continue
+ umount "$P"
+done
+
+echo "Starting $NAME"
+env CONFIG="$CONFIG" $INIT | \
+ unshare -fp --mount-proc -i -u \
+ ip netns exec $NAME chroot $LIVE /bin/sh
+echo "Exited $NAME"
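Review bot: `set -x` is enabled unconditionally at the top of the script (hunk `@@ -4,6 +4,7 @@`), so every run traces each command to stderr with its variables expanded, including values taken from the configuration file and everything the sourced `functions` file executes. It reads like a debugging leftover, since the last hunk removes the old `echo "$CMD"` diagnostics. If tracing is wanted, gate it on an opt-in variable, e.g. `[ -n "${OVERLAY_BOOT_TRACE:-}" ] && set -x` (the variable name is only a suggestion), so that ordinary boots do not write configuration details into logs.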
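Review bot: The return status of `setup_cgroup2_accounting "$NAME" "$$"` (hunk `@@ -22,6 +23,7 @@`) is not checked, so if the cgroup cannot be set up the subhost still starts, only without the accounting the operator expects. The function is defined in the sourced `functions` file and is not visible here, so it may already abort on its own; if it does not, `setup_cgroup2_accounting "$NAME" "$$" || echo "overlay-boot: cgroup2 accounting not set up for $NAME" >&2` would at least make the failure visible. The call also runs before `trap "exithandler" 0` is installed, and the part of `exithandler` shown (its body continues outside the hunk) removes only the network namespace, so it is worth confirming that whatever the function creates is removed on exit.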
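Review bot: Nothing in the added loop (hunk `@@ -29,7 +31,20 @@`) checks that the script really is in a private mount namespace before it runs `umount` on almost every entry of /proc/mounts. The comment asserts it, but the step that unshares is not in this hunk, and if it is ever skipped the loop detaches the host's own filesystems. A guard that compares `/proc/self/ns/mnt` with `/proc/1/ns/mnt` and aborts when they match makes that mistake fail safe. `read` without `-r` also mangles the octal escapes /proc/mounts uses for spaces (`\040`), and a failed `umount` is silently ignored, so some host mounts can remain in the namespace the subhost is started from. `beginswith` is defined outside this diff; if it is a plain string-prefix test, a sibling path such as `${LIVE}-old` is exempted along with `$LIVE`, so matching on `$LIVE/` or on equality would be stricter.

```shell
# Refuse to unmount anything unless this process has its own mount namespace.
if [ "$(readlink /proc/self/ns/mnt)" = "$(readlink /proc/1/ns/mnt)" ] ; then
    echo "overlay-boot: mount namespace is not unshared, refusing to unmount" >&2
    exit 1
fi
sort -rk2,2 < /proc/mounts | while read -r D P A2 ; do
    # … unchanged: the $LIVE, /run/netns/$NAME and /proc exemptions …
    umount "$P" || echo "overlay-boot: could not unmount $P" >&2
done
# … unchanged: "Starting $NAME" and the unshare/chroot pipeline …
```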