Re: pivot_root(".", ".") and the fchdir() dance

["Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>]

Hello Eric,

On 9/10/19 1:40 AM, Eric W. Biederman wrote:

[...]

>>> I have just spotted this conversation and I expect if you are going
>>> to use this example it is probably good to document what is going
>>> on so that people can follow along.
>>
>> (Sounds reasonable.)
>>
>>>>> chdir(rootfs)
>>>>> pivot_root(".", ".")
>>>
>>> At this point the mount stack should be:
>>> old_root
>>> new_root
>>> rootfs
>>
>> In this context, what is 'rootfs'? The initramfs? At least, when I
>> examine /proc/PID/mountinfo. When I look at the / mount point in
>> /proc/PID/mountinfo, I see just
>>
>>    old_root
>>    new_root
>>
>> But nothing below 'new_root'. So, I'm a little puzzled.
> 
> I think that is because Al changed /proc/mounts to not display mounts
> that are outside of your current root.  But yes there is typically
> the initramfs of file system type rootfs on their.  Even when it isn't
> used you have one.  Just to keep everything simple I presume.
> 
> I haven't double checked lately to be certain it is there but I expect
> it is.
> 
>> By the way, why is 'old_root' stacked above 'new_root', do you know? I
>> mean, in this scenario it turns out to be useful, but it's kind of the
>> opposite from what I would have expected. (And if this was a
>> deliverate design decision in pivot_root(), it was never made
>> explicit.)
> 
> Oh.  It is absolutely explicit and part of the design and it has nothing
> to do with this case.
> 
> The pivot_root system calls takes two parameters:  new_root and put_old.
> 
> In this case the old root is put on put_old (which is the new_root).
> And new_root is made the current root.
> 
> The pivot_root code looks everything up before it moves anything.   With
> the result it is totally immaterrial which order the moves actually
> happen in the code.  Further it is pretty much necessary to look
> everything up before things are moved because the definition of paths
> change.
> 
> So it would actually be difficult to have pivot_root(.,.) to do anything
> except what it does today.
> 
> 
>>> With "." and "/" pointing to new_root.
>>>
>>>>> umount2(".", MNT_DETACH)
>>>
>>> At this point resolving "." starts with new_root and follows up the
>>> mount stack to old-root.
>>
>> Okay.
>>
>>> Ordinarily if you unmount "/" as is happening above you then need to
>>> call chroot and possibly chdir to ensure neither "/" nor "." point to
>>> somewhere other than the unmounted root filesystem.  In this specific
>>> case because "/" and "." resolve to new_root under the filesystem that is
>>> being unmounted that all is well.
>>
>> s/that/then/ ?

Thanks for the further clarifications.

All: I plan to add the following text to the manual page:

       new_root and put_old may be the same  directory.   In  particular,
       the following sequence allows a pivot-root operation without need‐
       ing to create and remove a temporary directory:

           chdir(new_root);
           pivot_root(".", ".");
           umount2(".", MNT_DETACH);

       This sequence succeeds because the pivot_root()  call  stacks  the
       old root mount point (old_root) on top of the new root mount point
       at /.  At that point, the calling  process's  root  directory  and
       current  working  directory  refer  to  the  new  root mount point
       (new_root).  During the subsequent umount()  call,  resolution  of
       "."   starts  with  new_root  and then moves up the list of mounts
       stacked at /, with the result that old_root is unmounted.

Look okay?

Thanks,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/