#1 2015-04-23 17:48:47

maufl
Member
Registered: 2013-06-08
Posts: 2

Namespaces not working as expected

Hi, I've got problems with namespaces not working as expected. When I isolate a process into a new network and mount namespace, a newly mounted file system will be visible to all processes.
Steps to reproduce:

$ sudo unshare -mn bash
bash# mount -t sysfs sysfs /sys
bash# exit
$ cat /proc/mounts

Result:
/proc/mounts will contain a new line for sysfs. This means the /sys/fs/cgroups directory will appear to be empty, as the new sysfs is mounted over the old one. However, you can undo it by running

sudo umount /sys

Expected result:
The /sys directory will only be new inside the bash process started using unshare and not anymore once you exit bash.

Did I understand something wrong? Or might this be a bug in the kernel?

Note that when using

unshare -m bash

without isolating the network namespace it will refuse to mount sysfs as it is already mounted or busy. Strange.

#2 2015-04-24 16:08:38

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723

Re: Namespaces not working as expected

Hello, because sysfs is shared, see unshare(1) for more details.
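
Added example, not part of the original thread: a shell check for the shared propagation the reply refers to, which reads mountinfo-format lines and reports whether a mount made on a given mount point would show up in peer namespaces. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reads mountinfo-format lines and
# reports a mount point's propagation type. Optional fields such as
# "shared:N" or "master:N" sit between field 6 (mount options) and the
# "-" separator; a mount with neither is private.

# Constructed sample, shaped like /proc/self/mountinfo on a host where
# /sys is in a shared peer group. IDs and the paths under /mnt are made up.
SAMPLE_MOUNTINFO='22 27 0:20 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
23 27 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
40 27 0:35 / /mnt/priv rw,relatime - tmpfs tmpfs rw
41 27 0:36 / /mnt/slave rw,relatime master:7 - tmpfs tmpfs rw
42 27 0:37 / /mnt/both rw,relatime shared:9 master:7 - tmpfs tmpfs rw'

# mount_propagation MOUNTPOINT [FILE]   (FILE "-" reads stdin)
# Prints shared, slave, shared+slave or private; returns 1 if not mounted.
# If mounts are stacked on MOUNTPOINT, the last (topmost) entry is reported.
mount_propagation() {
    awk -v mp="$1" '
        $5 == mp {
            shared = slave = 0
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) shared = 1
                if ($i ~ /^master:/) slave = 1
            }
            result = (shared && slave) ? "shared+slave" : (shared ? "shared" : (slave ? "slave" : "private"))
        }
        END { if (result == "") exit 1; print result }
    ' "${2:-/proc/self/mountinfo}"
}

# propagates_to_peers MOUNTPOINT [FILE]
# Succeeds when a mount made on MOUNTPOINT would also appear in other
# namespaces holding a peer of it, the behaviour reported in the thread.
propagates_to_peers() {
    case "$(mount_propagation "$@")" in
        shared*) return 0 ;;
        *) return 1 ;;
    esac
}

if printf '%s\n' "$SAMPLE_MOUNTINFO" | propagates_to_peers /sys -; then
    echo "/sys is shared: mounts made on it propagate to peer namespaces"
    # To contain them, make the new namespace's mounts private first:
    #   unshare -mn --propagation private bash
    #   or, inside the namespace: mount --make-rprivate /
fi
```

Called without a file argument, mount_propagation reads /proc/self/mountinfo, so it can be run inside the unshared shell before mounting anything.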
