Package: mininet
Version: 2.2.1-1
Severity: normal

Dear Maintainer,
mnexec, which is used to spawn mininet's node processes in a different mount and network namespace, does not correctly cope with systemd's default of making the root mount namespace hierarchy shared (see #739593 for details). In particular, mounts happening inside the node namespaces are visible from the rest of the system as well, which breaks things if e.g. one wants to mount a tmpfs under /run/network using privateDirs, especially since the node processes share the same root filesystem with the rest of the system.

Also, as a result of using a shared mount hierarchy, the /sys mounts performed by mnexec on startup are not cleaned up on mininet termination and slowly pile up after successive mininet executions.

The attached patch makes sure that the whole filesystem hierarchy is marked as private in the new namespace, i.e. new mounts from the root system will not propagate to the node namespaces and mounts performed in the node namespaces will remain invisible to the rest of the system and will be cleaned up on node termination.

Regards,
Apollon

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mininet depends on:
ii  cgroup-bin            0.41-6
ii  iperf                 2.0.5+dfsg1-2
ii  libc6                 2.19-18
ii  openvswitch-switch    2.3.0+git20140819-3
ii  python                2.7.9-1
ii  python-pkg-resources  17.0-1
ii  socat                 1.7.3.0-1
ii  telnet                0.17-40

mininet recommends no packages.

mininet suggests no packages.

-- debconf-show failed
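Whether a host has the shared root mount that the report describes can be read from the optional propagation field of /proc/self/mountinfo, which is also where an administrator can verify that a node namespace ended up private after the fix. The checker below is an added example, not part of the report or of mininet; the function names are chosen here and the sample lines used to exercise it are constructed.

```c
/* Added example (not mininet code): detect a shared mount from mountinfo. */
#include <stdio.h>
#include <string.h>

/* Classify one /proc/self/mountinfo line (format from proc(5)):
 *   ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [OPTIONAL...] - FSTYPE SOURCE SUPEROPTS
 * An optional field "shared:N" marks the mount as shared: mounts made beneath
 * it propagate to every namespace in peer group N, which is what lets a node's
 * /sys mount leak out of its namespace. Returns 1 if the line is `mountpoint`
 * and shared, 0 if it is `mountpoint` but private/slave/unbindable, -1 for a
 * different mount point or a malformed line. */
int mountinfo_line_is_shared(const char *line, const char *mountpoint)
{
    char buf[4096], *fields[64];
    int n = 0;
    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    for (char *tok = strtok(buf, " "); tok && n < 64; tok = strtok(NULL, " "))
        fields[n++] = tok;
    if (n < 7 || strcmp(fields[4], mountpoint) != 0)
        return -1;
    /* Optional fields start at index 6 and end at the lone "-" separator. */
    for (int i = 6; i < n && strcmp(fields[i], "-") != 0; i++)
        if (strncmp(fields[i], "shared:", 7) == 0)
            return 1;
    return 0;
}

/* Scan a mountinfo file for `mountpoint`; same return values, -1 if absent. */
int mountinfo_file_is_shared(const char *path, const char *mountpoint)
{
    FILE *f = fopen(path, "r");
    char line[4096];
    int rc = -1;
    if (!f)
        return -1;
    while (rc == -1 && fgets(line, sizeof line, f))
        rc = mountinfo_line_is_shared(line, mountpoint);
    fclose(f);
    return rc;
}

/* Stand-alone use: report the propagation type of the caller's root mount. */
int main(void)
{
    int rc = mountinfo_file_is_shared("/proc/self/mountinfo", "/");
    printf("root mount: %s\n", rc == 1 ? "shared (node mounts would leak)" : rc == 0 ? "private/slave" : "unknown");
    return rc < 0;
}
```

Run it once on the host and once inside a node (e.g. via mnexec) to confirm the node's root now reports private while the host's may still be shared.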
Author: Apollon Oikonomopoulos <apoi...@debian.org> Subject: mnexec: properly setup the mount namespace Systemd's default is to mark the root mount as shared and it is inherited as such by the new mount namespace. This means that any mounts performed in the new namespace will be visible by the rest of the system, breaking privateDirs. . To restore a more sane behaviour, we explicitly mark all mounts recursively as private, meaning that we will no longer see new mounts from the root namespace, and our mounts will also not propagate to the rest of the system. Last-Update: 2015-09-21 --- a/mnexec.c +++ b/mnexec.c @@ -130,6 +130,15 @@ perror("unshare"); return 1; } + + /* Mark our whole hierarchy recursively as private, so that our + * mounts do not propagate to other processes. + */ + if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) == -1) { + perror("remount"); + return 1; + } + /* mount sysfs to pick up the new network namespace */ if (mount("sysfs", "/sys", "sysfs", MS_MGC_VAL, NULL) == -1) { perror("mount");
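Review bot: the failure branch of the new block reports perror("remount"), which is misleading: mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) changes mount propagation and remounts nothing, so a failure would be easier to trace in logs as perror("mount MS_PRIVATE") or similar. The placement itself is right: the call sits after unshare() has succeeded and before the existing sysfs mount on /sys, so the /sys mount the report says leaks and piles up now stays inside the new namespace, and the "none" source string is the conventional one for propagation-only mount calls.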