mock
mock copied to clipboard
Revisit the unshare(CLONE_NEWNS) use
See #234 and --make-rprivate
discussion, even though it didn't mention the real reason why it was added (explained in #315).
We should better take care of all the mount points, because actually it doesn't seem to be useful to call unshare()
on shared
mounts (bacuse it has no effect; no isolation). Basically I think that we should:
- do all the "public" mounts (those which are expected to be visible from host) before calling
unshare()
- the rest of mounts should be done after unshare, and we should apply
--make-rprivate
to the root directory the above applies to mock plugins as well.
But first, we should have proper test coverage:
- [ ] gtest that LVM/tmpfs plugin works
- [ ] test that mock works in Fedora toolbox environment (old-chroot only)
- [ ] test that bootstrap build works
- [ ] test that host's mount points (the default namespace) aren't affected at all after running --scrub
Could changing of how these mount points are handled fix https://bugzilla.redhat.com/show_bug.cgi?id=1750000 ?