summaryrefslogtreecommitdiff
path: root/linuxnamespaces
diff options
context:
space:
mode:
Diffstat (limited to 'linuxnamespaces')
-rw-r--r--linuxnamespaces/__init__.py45
1 files changed, 27 insertions, 18 deletions
diff --git a/linuxnamespaces/__init__.py b/linuxnamespaces/__init__.py
index aff620e..8853c07 100644
--- a/linuxnamespaces/__init__.py
+++ b/linuxnamespaces/__init__.py
@@ -537,40 +537,49 @@ def populate_sys(
"""
newsys = AtLocation(newroot) / "sys"
mflags = MountFlags.NOSUID | MountFlags.NOEXEC | MountFlags.NODEV
+ bind_mounts: dict[
+ str, tuple[typing.Union[str, pathlib.PurePath], bool]
+ ] = {}
if rootcgroup is None:
- rootcgroup = ""
+ bind_mounts["fs/cgroup"] = ("fs/cgroup", True)
else:
- rootcgroup = pathlib.PurePath(rootcgroup).relative_to("/")
- with contextlib.ExitStack() as exitstack:
- cgfd = exitstack.enter_context(
- open_tree(
- AtLocation(origroot) / "sys/fs/cgroup" / rootcgroup,
- OpenTreeFlags.OPEN_TREE_CLONE | OpenTreeFlags.AT_RECURSIVE,
- ),
+ bind_mounts["fs/cgroup"] = (
+ "fs/cgroup" / pathlib.PurePath(rootcgroup).relative_to("/"), False
)
- if not rootcgroup:
- mount_setattr(cgfd, True, MountAttrFlags.RDONLY)
- if module:
- modfd = exitstack.enter_context(
+ if module:
+ bind_mounts["module"] = ("module", True)
+
+ bind_fds: dict[str, AtLocation] = {}
+ with contextlib.ExitStack() as exitstack:
+ for target, (source, rdonly) in bind_mounts.items():
+ bindfd = exitstack.enter_context(
open_tree(
- AtLocation(origroot) / "sys/module",
+ AtLocation(origroot) / "sys" / source,
OpenTreeFlags.OPEN_TREE_CLONE | OpenTreeFlags.AT_RECURSIVE,
),
)
- mount_setattr(modfd, True, MountAttrFlags.RDONLY)
+ if rdonly:
+ mount_setattr(bindfd, True, MountAttrFlags.RDONLY)
+ bind_fds[target] = bindfd
+
mount("sysfs", newsys, "tmpfs", mflags, "mode=0755")
exitstack.enter_context(
_ExceptionExitCallback(umount, newsys, UmountFlags.DETACH)
)
- for subdir in ("fs", "fs/cgroup", "module"):
+ dirs = set()
+ for subdir in bind_fds:
+ dirs.add(subdir)
+ while "/" in subdir:
+ subdir = subdir.rsplit("/", 1)[0]
+ dirs.add(subdir)
+ for subdir in sorted(dirs):
(newsys / subdir).mkdir()
(newsys / subdir).chmod(0o755)
mflags |= MountFlags.REMOUNT | MountFlags.RDONLY
mount("sysfs", newsys, "tmpfs", mflags, "mode=0755")
- move_mount(cgfd, newsys / "fs/cgroup")
- if module:
- move_mount(modfd, newsys / "module")
+ for subdir, bindfd in sorted(bind_fds.items()):
+ move_mount(bindfd, newsys / subdir)
def unshare_user_idmap(