Merge pull request 'suites/experimental' (#2) from rrq/overlay-boot:suites/experiment...

Reviewed-on: https://git.devuan.org/devuan/overlay-boot/pulls/2

diff --git a/debian/changelog b/debian/changelog
index 65125676d9860fef73b1f06c80b1109e38a6fe78..1e1f3fbb53ddd8d6cfe86d0ae27cda58cec7760f 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+overlay-boot (0.1.9) unstable; urgency=medium
+
+  * discard most mounts before unshare
+
+ -- Ralph Ronnquist <ralph.ronnquist@gmail.com>  Sat, 12 Nov 2022 18:33:38 +1100
+
 overlay-boot (0.1.8) unstable; urgency=medium
 
   * added configuration for shared subdirectories

diff --git a/debian/rules b/debian/rules
index 2d33f6ac8992b7da84b39a5bca0742c4962d3349..173b37ec4f9d857a6e45ec510e5c189e81095df2 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -2,3 +2,6 @@
 
 %:
        dh $@
+
+override_dh_clean:
+       dh_prep -Xtrial

diff --git a/debian/source/options b/debian/source/options
new file mode 100644 (file)
index 0000000..d7be186
--- /dev/null
+++ b/debian/source/options
@@ -0,0 +1 @@
+tar-ignore = trial

diff --git a/functions b/functions
index ddcd97dd99fe7f4ed85ab93ec03694216faf5a9a..e9111fe08e9c72e6640a7cca20dfe1e1f88b9449 100644 (file)
--- a/functions
+++ b/functions
@@ -11,6 +11,10 @@ die() {
     exit 1
 }
 
+beginswith() {
+    [ "$1" != "${1#$2}" ]
+}
+
 # Function to setup subhost name and log file
 subhost_name() {
     CONFIG="$1"

diff --git a/overlay-boot b/overlay-boot
index fc4b8b428e0d7eb1ffc2665b4c3aca5071f550f9..6577cadf387a658b182b8a928ee257ab3274f9cb 100755 (executable)
--- a/overlay-boot
+++ b/overlay-boot
@@ -31,7 +31,19 @@ exithandler() {
 }
 trap "exithandler" 0
 
-CMD="unshare -fp --mount-proc -i -u ip netns exec $NAME chroot $LIVE /bin/sh"
-echo "$CMD"
-env CONFIG="$CONFIG" $INIT | $CMD
-echo "EXITED $CMD"
+# This process has an unshared mount namespace, so we unmount almost
+# everything before chroot. Exceptions are: $LIVE and anything mounted
+# below that, "/run/netns/$NAME" and its parent paths (incidentally
+# including "/" as well) and "/proc".
+sort -rk2,2 < /proc/mounts | while read D P A2 ; do
+    beginswith "$P" "$LIVE" && continue
+    beginswith "/run/netns/$NAME" "$P" && continue
+    [ "$P" = /proc ] && continue
+    umount "$P"
+done
+
+echo "Starting $NAME"
+env CONFIG="$CONFIG" $INIT | \
+    unshare -fp --mount-proc -i -u \
+           ip netns exec $NAME chroot $LIVE /bin/sh
+echo "Exited $NAME"