From 3b288e812dc2d5d72c7dd91d5e8cacbd72508a6a Mon Sep 17 00:00:00 2001
From: Ralph Ronnquist
Date: Sat, 12 Nov 2022 19:20:20 +1100
Subject: [PATCH] unmount most before unshare

---
 functions | 4 ++++
 overlay-boot | 20 ++++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/functions b/functions
index ddcd97d..e9111fe 100644
--- a/functions
+++ b/functions
@@ -11,6 +11,10 @@ die() {
 exit 1
 }
 
+beginswith() {
+ [ "$1" != "${1#$2}" ]
+}
+
 # Function to setup subhost name and log file
 subhost_name() {
 CONFIG="$1"
diff --git a/overlay-boot b/overlay-boot
index fc4b8b4..6577cad 100755
--- a/overlay-boot
+++ b/overlay-boot
@@ -31,7 +31,19 @@ exithandler() {
 }
 trap "exithandler" 0
 
-CMD="unshare -fp --mount-proc -i -u ip netns exec $NAME chroot $LIVE /bin/sh"
-echo "$CMD"
-env CONFIG="$CONFIG" $INIT | $CMD
-echo "EXITED $CMD"
+# This process has an unshared mount namespace, so we unmount almost
+# everything before chroot. Exceptions are: $LIVE and anything mounted
+# below that, "/run/netns/$NAME" and its parent paths (incidentally
+# including "/" as well) and "/proc".
+sort -rk2,2 < /proc/mounts | while read D P A2 ; do
+ beginswith "$P" "$LIVE" && continue
+ beginswith "/run/netns/$NAME" "$P" && continue
+ [ "$P" = /proc ] && continue
+ umount "$P"
+done
+
+echo "Starting $NAME"
+env CONFIG="$CONFIG" $INIT | \
+ unshare -fp --mount-proc -i -u \
+ ip netns exec $NAME chroot $LIVE /bin/sh
+echo "Exited $NAME"
-- 
2.39.2
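Review bot: In `beginswith`, the prefix `$2` is expanded unquoted inside `${1#$2}`, so it is treated as a glob pattern rather than a literal string; a prefix containing `*`, `?` or `[` would match more than intended, and nothing at the call sites enforces that the mount paths passed in are glob-free. Quoting it makes the comparison literal: `[ "$1" != "${1#"$2"}" ]`. An empty `$2` makes the function return false for every `$1`, which suits the callers in this patch but deserves a one-line header such as `# true when $1 starts with the literal string $2 (false for an empty $2)`.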
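Review bot: The `umount` loop is destructive and its safety rests entirely on the precondition stated in the comment — that this process already runs in its own mount namespace — which nothing in the hunk verifies, so if overlay-boot is ever invoked without that unshare the loop unmounts the host's filesystems. A one-line guard ahead of the `sort` pipeline makes the precondition explicit, e.g. `[ "$(readlink /proc/self/ns/mnt)" != "$(readlink /proc/1/ns/mnt)" ] || die "mount namespace is not unshared, refusing to unmount"` (assuming overlay-boot sources `functions`, as the `beginswith` call suggests). Separately, `beginswith "$P" "$LIVE"` is a string-prefix test rather than a path test, so with `LIVE=/srv/live` a mount at `/srv/live2` is also kept; `[ "$P" = "$LIVE" ] && continue` followed by `beginswith "$P" "$LIVE/" && continue` keeps only `$LIVE` and what is mounted below it. Finally, `/proc/mounts` encodes whitespace in mount points as `\040`, which `read` without `-r` turns into `040` before it reaches `umount`, so such paths are silently skipped or mis-targeted; that limitation is worth a comment on the loop, e.g. `# NOTE: mount points containing whitespace (\040 in /proc/mounts) are not decoded`.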