authorJörg Thalheim <joerg@thalheim.io>2021-06-05 16:45:10 +0200
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2021-06-05 16:06:56 +0000
commit1dfa9b73db0181a88d22833e6dc538f806258cf2 (patch)
tree214bd6f3d32555193607ef4e4f0043da8cc1cf04
parentopenrgb: Fix udev rules with hardcoded /bin/chmod (diff)
downloadnixpkgs-1dfa9b73db0181a88d22833e6dc538f806258cf2.tar.gz
buildFhsUserenv: don't leak mounts to other processesorigin/backport-125804-to-release-21.05
If run as root we were leaking mounts to the parent namespace, which led to an error when removing the temporary mountroot. To fix this we remount the whole tree as private as soon as we have created the new mount namespace. (cherry picked from commit 43908f4c1d8489ca284c47fb835ec3fa348016b0)
-rw-r--r--pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
index a438b80e1829..27e70e3fe5c4 100644
--- a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
+++ b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@@ -43,7 +43,6 @@ const gchar *create_tmpdir() {
void pivot_host(const gchar *guest) {
g_autofree gchar *point = g_build_filename(guest, "host", NULL);
fail_if(g_mkdir(point, 0755));
- fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
fail_if(pivot_root(guest, point));
}
@@ -122,6 +121,9 @@ int main(gint argc, gchar **argv) {
fail("unshare", unshare_errno);
}
+ // hide all mounts we do from the parent
+ fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
+
if (uid != 0) {
spit("/proc/self/setgroups", "deny");
spit("/proc/self/uid_map", "%d %d 1", uid, uid);
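Review bot: The comment above the added mount() call says what is done but not why, and since the call now sits before the uid/gid maps are written and runs on both the root and unprivileged paths, a reader has no way to tell from the hunk why it is needed. I would replace it with `// A new mount namespace inherits the parent's propagation settings; with a shared root mount every mount made below would propagate back to the host, so make the whole tree private first.` The three `0` arguments to mount() are null pointers and read better as `NULL`, i.e. `fail_if(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL));`. Whether this call is already permitted at this point depends on the unshare() flags, which are not visible here, and main's body continues outside the hunk.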