xfnw/alpine-make-vm-image
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Explicitly set bind mounts' propagation type to private

Browse source 
If I understand it correctly, the default propagation type is private,
but f**king systemd mounts everything as shared. This is especially
problematic when doing recursive bind, which is not our case, but still
better to explicitly set propagation to private anyway.

See: https://lwn.net/Articles/689856/, https://lwn.net/Articles/690679/
This commit is contained in:
Jakub Jirutka 2018-09-16 18:00:18 +02:00
parent 27b5a7e2d0
commit aa55b71a9c
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
alpine-make-vm-image
View file

@ -217,14 +217,21 @@ install_fs_tools() {
_apk add -t $VIRTUAL_PKG $pkg _apk add -t $VIRTUAL_PKG $pkg
} }
# Binds the directory $1 at the mountpoint $2 and sets propagation to private.
mount_bind() {
mkdir -p "$2"
mount --bind "$1" "$2"
mount --make-private "$2"
}
# Prepares chroot at the specified path. # Prepares chroot at the specified path.
prepare_chroot() { prepare_chroot() {
local dest="$1" local dest="$1"
mkdir -p "$dest"/proc "$dest"/dev "$dest"/sys mkdir -p "$dest"/proc
mount -t proc none "$dest"/proc mount -t proc none "$dest"/proc
mount --bind /dev "$dest"/dev mount_bind /dev "$dest"/dev
mount --bind /sys "$dest"/sys mount_bind /sys "$dest"/sys
install -D -m 644 /etc/resolv.conf "$dest"/etc/resolv.conf install -D -m 644 /etc/resolv.conf "$dest"/etc/resolv.conf
} }
@ -475,7 +482,7 @@ if [ "$SCRIPT" ]; then
"$SCRIPT" "$@" || die 'Script failed' "$SCRIPT" "$@" || die 'Script failed'
else else
einfo "Executing script in chroot: $script_name $*" einfo "Executing script in chroot: $script_name $*"
mount --bind "${SCRIPT%/*}" mnt/ mount_bind "${SCRIPT%/*}" mnt/
chroot . sh -c "cd /mnt && ./$script_name \"\$@\"" -- "$@" \ chroot . sh -c "cd /mnt && ./$script_name \"\$@\"" -- "$@" \
|| die 'Script failed' || die 'Script failed'
fi fi