From 318430cbb3b2ceefe51518ecccabbdabb32ffe3b Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Wed, 26 Aug 2020 18:52:10 +0900
Subject: executor/linux: change mount propagation type to private
unshare(CLONE_NEWNS) might not be sufficient for making all test processes run in separate mount namespace, for "mount --make-rshared /" request issued by systemd causes mount operations issued by test processes visible from outside of test processes. Issue "mount --make-rprivate /" request after unshare(CLONE_NEWNS).
---
pkg/csource/generated.go | 3 +++
1 file changed, 3 insertions(+)
(limited to 'pkg/csource')
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index b5dc79b54..077355add 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -7576,6 +7576,9 @@ static void sandbox_common()
 if (unshare(CLONE_NEWNS)) {
 debug("unshare(CLONE_NEWNS): %d\n", errno);
 }
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
+ debug("mount(\"/\", MS_REC | MS_PRIVATE): %d\n", errno);
+ }
 if (unshare(CLONE_NEWIPC)) {
 debug("unshare(CLONE_NEWIPC): %d\n", errno);
 }
--
cgit mrf-deployment
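Review bot: The added `mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)` runs even when the preceding `unshare(CLONE_NEWNS)` has failed, in which case it would change propagation on the mount namespace the process started in rather than on a private copy. Its own failure is only passed to `debug()`, so as far as the hunk shows the sandbox carries on with the shared propagation the commit message describes, and test mounts can still become visible outside. I would make the remount conditional on the unshare succeeding, `if (unshare(CLONE_NEWNS)) { debug(...); } else if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { ... }`, and decide explicitly whether a failed remount should abort the sandbox setup. A one-line comment such as `// systemd marks / rshared; make it rprivate so test mounts do not propagate out of this namespace` would keep the reason next to the call. The file name suggests generated.go is generated, so the change presumably belongs in the executor source it is produced from; the body of sandbox_common continues outside the hunk.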