From 95258e34b568acf49d684e7c96a0c67a81498dc6 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Tue, 9 Mar 2021 11:26:13 +0100
Subject: [PATCH] conf: ensure that procfs and sysfs are unmounted

Signed-off-by: Christian Brauner
---
 src/lxc/conf.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index bdf747476..445462f0c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -613,6 +613,15 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
 bool has_cap_net_admin;
 
 if (flags & LXC_AUTO_PROC_MASK) {
+ ret = strnprintf(rootfs->buf, sizeof(rootfs->buf), "%s/proc",
+ rootfs->path ? rootfs->mount : "");
+ if (ret < 0)
+ return ret_errno(EIO);
+
+ ret = umount2(rootfs->buf, MNT_DETACH);
+ if (ret)
+ SYSDEBUG("Tried to ensure procfs is unmounted");
+
 ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 if (ret < 0 && errno != EEXIST)
 return log_error_errno(-errno, errno,
@@ -620,6 +629,15 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
 }
 
 if (flags & LXC_AUTO_SYS_MASK) {
+ ret = strnprintf(rootfs->buf, sizeof(rootfs->buf), "%s/sys",
+ rootfs->path ? rootfs->mount : "");
+ if (ret < 0)
+ return ret_errno(EIO);
+
+ ret = umount2(rootfs->buf, MNT_DETACH);
+ if (ret)
+ SYSDEBUG("Tried to ensure sysfs is unmounted");
+
 ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 if (ret < 0 && errno != EEXIST)
 return log_error_errno(-errno, errno,
--
2.47.2
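Review bot: Both new `umount2()` calls (procfs in the first hunk, sysfs in the second) resolve a string path built from `rootfs->mount` and will follow a symlink in its last component, whereas the `mkdirat()` right after each of them is anchored to `rootfs->dfd_mnt`. If `proc` or `sys` inside the rootfs is a symlink, the lazy detach is applied to whatever mount the link resolves to instead of the container's own mountpoint; passing the no-follow flag closes that for the final component: `ret = umount2(rootfs->buf, MNT_DETACH | UMOUNT_NOFOLLOW);`. The failure branch also logs every errno at debug level, so an unexpected failure such as `EPERM` looks the same as the expected `EINVAL` (nothing mounted there) and execution continues to `mkdirat()` as if the mountpoint were clean; `if (ret && errno != EINVAL && errno != ENOENT)` with a warning-level message would separate the two cases. When `rootfs->path` is NULL the target becomes the literal `/proc` or `/sys`, which is presumably safe only because this code runs in the container's mount namespace; the body of `lxc_mount_auto_mounts` starts and ends outside both hunks, so that cannot be confirmed here and a one-line comment stating the assumption would help.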