Namespaces in operation, part 2: the namespaces API
Posted Mar 2, 2015 12:08 UTC (Mon) by mkerrisk (subscriber, #1978)
Parent article: Namespaces in operation, part 2: the namespaces API
One point to note regarding the unshare.c experiment with mount namespaces (shown toward the end of the article)... These days, some distributions (e.g., Fedora) enable mount event propagation (mount --make-shared) by default, so that an unmount in the second namespace would automatically affect the initial namespace as well. To prevent mount event propagation, we need to make / a private mount in the second namespace. See the following example:
    $ echo $$                          # Show PID of shell in initial mount NS
    989
    $ readlink /proc/989/ns/mnt
    mnt:[4026531840]
    $ cat /proc/989/mounts | awk '/test/ { print $1 , $2 , $3}'
    /dev/sda3 /test ext4
    $ PS1='sh2$ ' sudo ./unshare -m /bin/bash    # Start a new shell in a new mount NS
    sh2$ readlink /proc/$$/ns/mnt      # Verify that shell is in different mount NS
    mnt:[4026532640]
    sh2$ # Check whether / mount point propagates mount events
    sh2$ cat /proc/$$/mountinfo | awk '/\/ \/ / {print $4, $5, $6, $7}'
    / / rw,relatime shared:1
    sh2$ sudo mount --make-private /   # Prevent propagation of events for /
    sh2$ cat /proc/$$/mountinfo | awk '/\/ \/ / {print $4, $5, $6, $7}'
    / / rw,relatime -
    sh2$ sudo umount /test             # Unmount /test in second mount NS
    sh2$ # Verify that mount has been removed in second mount NS
    sh2$ cat /proc/$$/mounts | awk '/test/ { print $1 , $2 , $3}'
    sh2$ # Verify that mount is still present in initial mount NS
    sh2$ cat /proc/989/mounts | awk '/test/ { print $1 , $2 ,$3}'
    /dev/sda3 /test ext4

For more info about mount propagation, see the kernel source file Documentation/filesystems/sharedsubtree.txt and the mount(8) man page.
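The same step done from C, as an added example that is not part of the original comment or of the article's unshare.c: it creates the mount namespace, makes / private, and then checks /proc/self/mountinfo for mounts that still carry propagation tags. Assumptions: propagation_tags() is a hypothetical helper name, the raw unshare system call is used so that no feature-test macro is needed, and MS_REC | MS_PRIVATE is the recursive form (mount --make-rprivate) of the comment's --make-private.

```c
#include <linux/sched.h>   /* CLONE_NEWNS */
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Copy the optional fields of one mountinfo line (the tags between the mount
 * options and the "-" separator, e.g. "shared:5 master:2") into out; empty
 * means private. Returns 0, or -1 on a malformed line or short buffer. */
int propagation_tags(const char *line, char *out, size_t outlen)
{
    const char *p = line;
    for (int i = 0; i < 6; i++) {           /* skip the six fixed fields */
        if ((p = strchr(p, ' ')) == NULL)
            return -1;
        p++;
    }
    const char *sep = (p[0] == '-' && p[1] == ' ') ? p : strstr(p, " - ");
    if (sep == NULL || (size_t)(sep - p) >= outlen)
        return -1;
    memcpy(out, p, (size_t)(sep - p));
    out[sep - p] = '\0';
    return 0;
}

int main(int argc, char *argv[])
{
    char line[4096], tags[256];
    if (argc < 2) {
        fprintf(stderr, "usage: %s cmd [arg...]\n", argv[0]);
        return 2;
    }
    /* New mount NS, then stop propagation for / and everything below it. */
    if (syscall(SYS_unshare, CLONE_NEWNS) == -1 ||
        mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
        perror("unshare/mount (needs CAP_SYS_ADMIN)");
        return 1;
    }
    /* Verify: no mount in this namespace should list a peer group now. */
    FILE *f = fopen("/proc/self/mountinfo", "r");
    while (f != NULL && fgets(line, sizeof line, f) != NULL)
        if (propagation_tags(line, tags, sizeof tags) == 0 && tags[0] != '\0')
            fprintf(stderr, "still propagating (%s): %s", tags, line);
    if (f != NULL)
        fclose(f);
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 1;
}
```

Unlike the awk one-liner, which prints field 7 only, the helper handles mountinfo lines with zero, one or several optional fields.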