namespace-util: introduce helper for combining unshare() + MS_SLAVE remount

[thirdparty/systemd.git] / src / basic / namespace-util.c

diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index b0168ae227caf2fee9344867e05b92f8cc119f60..b34c532604a5fe85b88e6fae3b49f32300d13de6 100644 (file)
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -2,6 +2,7 @@
 
 #include <fcntl.h>
 #include <sys/ioctl.h>
+#include <sys/mount.h>
 
 #include "fd-util.h"
 #include "missing_fs.h"
@@ -169,3 +170,16 @@ int fd_is_network_ns(int fd) {
 
         return r == CLONE_NEWNET;
 }
+
+int detach_mount_namespace(void) {
+
+        /* Detaches the mount namespace, disabling propagation from our namespace to the host */
+
+        if (unshare(CLONE_NEWNS) < 0)
+                return -errno;
+
+        if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
+                return -errno;
+
+        return 0;
+}