Package: mininet
Version: 2.2.1-1
Severity: normal

Dear Maintainer,

mnexec, which is used to spawn mininet's node processes in a different 
mount and network namespace, does not correctly cope with systemd's 
default of making the root mount namespace hierarchy shared (see #739593 
for details).

In particular, mounts happening inside the node namespaces are visible 
from the rest of the system as well, which breaks things if e.g. one 
wants to mount a tmpfs under /run/network using privateDirs, especially 
since the node processes share the same root filesystem with the rest of 
the system. Also, as a result of using a shared mount hierarchy, the 
/sys mounts performed by mnexec on startup are not cleaned up on mininet 
termination and slowly pile up after successive mininet executions.

The attached patch makes sure that the whole filesystem hierarchy is 
marked as private in the new namespace, i.e. new mounts from the root 
system will not propagate to the node namespaces and mounts performed in 
the node namespaces will remain invisible to the rest of the system and 
will be cleaned up on node termination.

Regards,
Apollon
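As an added example that is not part of this report or of the mininet package: a small unprivileged checker that reads the current mount namespace's /proc/self/mountinfo and tells you whether "/" (or any mount point) sits in a shared peer group, which is the systemd default the report describes. The optional-field tags it looks for ("shared:N", "master:N", "unbindable") are the ones documented in proc(5); the two embedded mountinfo excerpts are constructed samples, one resembling a systemd-booted host and one showing the same tree as it appears after mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) has been applied inside a fresh namespace.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one /proc/self/mountinfo line (layout per proc(5)):
 *   ID parentID major:minor root mountpoint opts [tag:val ...] - fstype src superopts
 * Copies the mount point into 'mp' and returns a bitmask of the propagation
 * tags found in the optional-fields area: bit 0 = shared:N, bit 1 = master:N
 * (slave), bit 2 = unbindable.  Returns -1 for a malformed line. */
int parse_mountinfo_line(const char *line, char *mp, size_t mplen)
{
    char buf[1024];
    char *save, *tok;
    int field = 0, flags = 0, seen_sep = 0;

    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);
    for (tok = strtok_r(buf, " \t\n", &save); tok; tok = strtok_r(NULL, " \t\n", &save)) {
        field++;
        if (field == 5) {
            snprintf(mp, mplen, "%s", tok);           /* field 5: mount point */
        } else if (field > 6 && !seen_sep) {           /* optional fields */
            if (strcmp(tok, "-") == 0)
                seen_sep = 1;
            else if (strncmp(tok, "shared:", 7) == 0)
                flags |= 1;
            else if (strncmp(tok, "master:", 7) == 0)
                flags |= 2;
            else if (strcmp(tok, "unbindable") == 0)
                flags |= 4;
        }
    }
    return (field >= 6 && seen_sep) ? flags : -1;
}

/* Walk a whole mountinfo text.  Returns 1 if the entry mounted at 'target'
 * is in a shared peer group, 0 if it is private/slave/unbindable, -1 if no
 * such entry exists. */
int mount_is_shared(const char *mountinfo, const char *target)
{
    const char *p = mountinfo;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[1024], mp[256];
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            int flags = parse_mountinfo_line(line, mp, sizeof mp);
            if (flags >= 0 && strcmp(mp, target) == 0)
                return (flags & 1) ? 1 : 0;
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    return -1;
}

/* Number of shared entries in the tree: after MS_REC|MS_PRIVATE on "/" this
 * must be zero, since MS_REC is what makes the change cover every submount. */
int count_shared_mounts(const char *mountinfo)
{
    const char *p = mountinfo;
    int count = 0;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[1024], mp[256];
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            int flags = parse_mountinfo_line(line, mp, sizeof mp);
            if (flags > 0 && (flags & 1))
                count++;
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    return count;
}

/* Constructed sample: a systemd-booted host, root in peer group 1. */
const char SAMPLE_SHARED[] =
    "21 26 0:19 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw\n"
    "26 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro\n"
    "30 26 0:21 / /run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,mode=755\n";

/* Constructed sample: the same tree seen from a namespace that ran
 * mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL): no peer-group tags left. */
const char SAMPLE_PRIVATE[] =
    "21 26 0:19 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw\n"
    "26 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro\n"
    "30 26 0:21 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,mode=755\n";

/* Live check of the calling process's own mount namespace. */
int main(void)
{
    static char text[65536];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) {
        perror("/proc/self/mountinfo");
        return 1;
    }
    size_t n = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[n] = '\0';
    int r = mount_is_shared(text, "/");
    if (r == 1)
        printf("/ is shared (%d shared mounts): a child namespace must make it "
               "private or its mounts propagate back\n", count_shared_mounts(text));
    else if (r == 0)
        puts("/ is private: mounts made here stay in this namespace");
    else
        puts("no entry for / found");
    return 0;
}
```

Run it on the host and then under an mnexec-spawned node to compare: on the host the root typically reports shared, and inside a node that applied the patch every entry should report private. The `count_shared_mounts` figure is the quicker check that the MS_REC part did its job, because a "/" that is private while /sys or /run are still shared would still leak those submounts.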

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mininet depends on:
ii  cgroup-bin            0.41-6
ii  iperf                 2.0.5+dfsg1-2
ii  libc6                 2.19-18
ii  openvswitch-switch    2.3.0+git20140819-3
ii  python                2.7.9-1
ii  python-pkg-resources  17.0-1
ii  socat                 1.7.3.0-1
ii  telnet                0.17-40

mininet recommends no packages.

mininet suggests no packages.

-- debconf-show failed

Author: Apollon Oikonomopoulos <apoi...@debian.org>
Subject: mnexec: properly setup the mount namespace
 Systemd's default is to mark the root mount as shared and it is inherited as
 such by the new mount namespace. This means that any mounts performed in the
 new namespace will be visible by the rest of the system, breaking privateDirs.
 .
 To restore a more sane behaviour, we explicitly mark all mounts recursively as
 private, meaning that we will no longer see new mounts from the root
 namespace, and our mounts will also not propagate to the rest of the system.
Last-Update: 2015-09-21
--- a/mnexec.c
+++ b/mnexec.c
@@ -130,6 +130,15 @@
                 perror("unshare");
                 return 1;
             }
+
+           /* Mark our whole hierarchy recursively as private, so that our
+            * mounts do not propagate to other processes.
+            */
+           if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) == -1) {
+               perror("remount");
+               return 1;
+           }
+
             /* mount sysfs to pick up the new network namespace */
             if (mount("sysfs", "/sys", "sysfs", MS_MGC_VAL, NULL) == -1) {
                 perror("mount");
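Review bot: the error label in the new block, `perror("remount");`, is misleading, since the call changes mount propagation and does not remount anything; something like `perror("mount --make-rprivate /")` would point a reader at the right operation when it fails. The call itself, `mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL)` issued right after the `unshare` check, is the correct form for making the whole inherited tree private, and MS_REC is what ensures the later sysfs mount on /sys no longer propagates, which matches the DEP-3 description above. Minor style point: the added lines are indented one column less than the surrounding `perror("unshare");` and `/* mount sysfs ... */` lines.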
