From 81a73d92cccbd0344287fe6c2e0177a81f09b69e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Sun, 8 Jan 2023 13:05:20 +0100 Subject: [PATCH] libmount: ensure child hangs around until we persisted namespace When we create a new namespace in a child process to persist it we need to ensure that the child hangs around. During exit the child will drop all references to its namespaces and so by the time we call open we might already fail to open the namespace. Fix this. Signed-off-by: Christian Brauner (Microsoft) --- libmount/src/hook_idmap.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libmount/src/hook_idmap.c b/libmount/src/hook_idmap.c index 3001e40624..7e7c9e742f 100644 --- a/libmount/src/hook_idmap.c +++ b/libmount/src/hook_idmap.c @@ -210,10 +210,16 @@ static int get_userns_fd_from_idmap(struct list_head *idmap) if (rc < 0) _exit(EXIT_FAILURE); + /* Let parent know we're ready to have the idmapping written. */ rc = write_all(sock_fds[0], &c, 1); if (rc) _exit(EXIT_FAILURE); + /* Hang around until the parent has persisted our namespace. */ + rc = read_all(sock_fds[0], &c, 1); + if (rc != 1) + _exit(EXIT_FAILURE); + close(sock_fds[0]); _exit(EXIT_SUCCESS); @@ -221,6 +227,7 @@ static int get_userns_fd_from_idmap(struct list_head *idmap) close(sock_fds[0]); sock_fds[0] = -1; + /* Wait for child to set up a new namespace. */ rc = read_all(sock_fds[1], &c, 1); if (rc != 1) goto err_wait; @@ -232,6 +239,9 @@ static int get_userns_fd_from_idmap(struct list_head *idmap) snprintf(path, sizeof(path), "/proc/%d/ns/user", pid); fd_userns = open(path, O_RDONLY | O_CLOEXEC | O_NOCTTY); + /* Let child know we've persisted its namespace. */ + (void)write_all(sock_fds[0], &c, 1); + err_wait: rc = wait_for_pid(pid); -- 2.47.2
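Review bot: The added `(void)write_all(sock_fds[0], &c, 1);` in the third hunk runs in the parent, but the context lines of the second hunk show the parent has already done `close(sock_fds[0]); sock_fds[0] = -1;`, so the write targets fd -1 and the byte never reaches the child waiting in the new `read_all(sock_fds[0], &c, 1)`. The parent's end of the pair is `sock_fds[1]` (it reads the ready byte from it a few lines earlier), so the line should be `write_all(sock_fds[1], &c, 1);`, and the `(void)` cast is what hides the failure, so the result is worth checking or at least logging. Both `goto err_wait` paths also skip the notification, which leaves the child released only when `sock_fds[1]` is closed. If that close comes after `wait_for_pid(pid)`, parent and child would block on each other; the rest of get_userns_fd_from_idmap is outside the hunk, so this needs confirming. Closing `sock_fds[1]` before `wait_for_pid` on every path would rule that hang out.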