]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
projects / thirdparty / mkosi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c573f86)
Get rid of init_mount_namespace()
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 9 May 2023 08:07:20 +0000 (10:07 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Tue, 9 May 2023 09:18:26 +0000 (11:18 +0200)
Let's just unshare the mount namespace as well as part of
become_root(). Also stop making every mount a slave mount, since
we don't really care about host mounts propagating into our mount
namespace.

mkosi/__init__.py patch | blob | blame | history
mkosi/run.py patch | blob | blame | history

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 873e86d7179ec19ecb37aafd29b60b912f8d5453..8ea34d8d815a9362b4f38d8005d847870757ca7e 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -36,14 +36,7 @@ from mkosi.manifest import Manifest
 from mkosi.mounts import dissect_and_mount, mount_overlay, scandir_recursive
 from mkosi.pager import page
 from mkosi.remove import unlink_try_hard
-from mkosi.run import (
-    become_root,
-    fork_and_wait,
-    init_mount_namespace,
-    run,
-    run_workspace_command,
-    spawn,
-)
+from mkosi.run import become_root, fork_and_wait, run, run_workspace_command, spawn
 from mkosi.state import MkosiState
 from mkosi.types import PathString
 from mkosi.util import (
@@ -2278,7 +2271,6 @@ def run_verb(args: MkosiArgs, presets: Sequence[MkosiConfig]) -> None:
             def target() -> None:
                 # Get the user UID/GID either on the host or in the user namespace running the build
                 uid, gid = become_root()
-                init_mount_namespace()
                 build_stuff(uid, gid, config)
 
             # We only want to run the build in a user namespace but not the following steps. Since we
diff --git a/mkosi/run.py b/mkosi/run.py
index 8e13b312df6b826978d1f814c5e4dc87f7b287c7..4fc79ea250f199b5f91063b59aaeb548c368de94 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -107,7 +107,7 @@ def become_root() -> tuple[int, int]:
 
         os._exit(0)
 
-    unshare(CLONE_NEWUSER)
+    unshare(CLONE_NEWUSER|CLONE_NEWNS)
     event.set()
     os.waitpid(child, 0)
 
@@ -120,11 +120,6 @@ def become_root() -> tuple[int, int]:
     return SUBRANGE - 100, SUBRANGE - 100
 
 
-def init_mount_namespace() -> None:
-    unshare(CLONE_NEWNS)
-    run(["mount", "--make-rslave", "/"])
-
-
 def foreground() -> None:
     """
     If we're connected to a terminal, put the process in a new process group and make that the foreground
Mirror of https://github.com/systemd/mkosi.git