fix: mount move before choot

Move the rootfs to the root of the host filesystem before chrooting, this is equivalent to pivot_root, if don't move mount first, we will not see the new rootfs when exec into the container Signed-off-by: xujihui1985 <[email protected]>
containers · Sep 27, 2024 · 65d6b54 · 65d6b54
1 parent 818cec8
commit 65d6b54
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs
@@ -350,6 +350,14 @@ pub fn container_init_process(
                 InitProcessError::SyscallOther(err)
             })?;
         } else {
+            // Move the rootfs to the root of the host filesystem before chrooting
+            // This is equivalent to pivot_root
+            syscall
+                .mount(Some(rootfs_path), Path::new("/"), None, MsFlags::MS_MOVE, None)
+                .map_err(|err| {
+                    tracing::error!(?err, ?rootfs_path, "failed to move rootfs");
+                    InitProcessError::SyscallOther(err)
+                })?;
             syscall.chroot(rootfs_path).map_err(|err| {
                 tracing::error!(?err, ?rootfs_path, "failed to chroot");
                 InitProcessError::SyscallOther(err)