unshare
pivot_root fails with user namespace used
pivot_root succeeds if user namespace is not used, but fails with EINVAL (os error 22). Bind mounting the new_root to itself solves it. I think that's a hack used by the Go example as well. Maybe the CloneCb should include this logic?
Environment: Xenial 4.9.125-linuxkit #1 SMP Fri Sep 7 08:20:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Or add an after_clone callback? There's currently a before_exec callback, which is called right before execve.
Hi!
I'm not sure it's because of user namespace. Isn't it because pivot_root requires both things to be mountpoints, not mere directories?
I'm all for adding documentation describing the issue. But I don't think this should be done always. Adding a convenience method may be okay, though.
Thanks for the prompt response!
Yeah, I did make sure the new_root was a mount point, and put_old had nothing mounted to it, and was under new_root. Without using the user namespace it works without any problem, and that's why I think user namespace plays a part here.
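The mount-point question raised in this thread can be checked from `/proc/self/mountinfo` before calling pivot_root. The following is an added example, not code from the thread or from the unshare crate: it tests two of the EINVAL conditions documented in pivot_root(2), namely that new_root is not a mount point and that the mount at new_root or its parent mount has shared propagation. The names `precheck_new_root`, `Precheck` and `SAMPLE` are hypothetical, and the sample mountinfo text is constructed.

```rust
// Added example; SAMPLE is constructed mountinfo text, not taken from the issue.
const SAMPLE: &str = "\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 8:1 /srv/rootfs /srv/rootfs rw,relatime - ext4 /dev/sda1 rw
41 40 0:35 / /srv/rootfs/new rw - tmpfs tmpfs rw
";

#[derive(Debug, PartialEq)]
enum Precheck { Ok, NotMountPoint, SharedPropagation }

struct Mount<'a> { id: &'a str, parent: &'a str, mount_point: &'a str, shared: bool }

// One mountinfo line has the form:
//   id parent major:minor root mount_point options [optional...] - fstype source super_opts
fn parse_line(line: &str) -> Option<Mount<'_>> {
    let fields: Vec<&str> = line.split_whitespace().collect();
    // The "-" separator can only appear after the six fixed fields.
    let sep = 6 + fields.get(6..)?.iter().position(|f| *f == "-")?;
    Some(Mount {
        id: fields[0],
        parent: fields[1],
        // Paths are compared in mountinfo's escaped form (a space is written as \040).
        mount_point: fields[4],
        // Optional fields such as "shared:N" sit between the options and the separator.
        shared: fields[6..sep].iter().any(|f| f.starts_with("shared:")),
    })
}

fn precheck_new_root(mountinfo: &str, new_root: &str) -> Precheck {
    let mounts: Vec<Mount> = mountinfo.lines().filter_map(parse_line).collect();
    // If several mounts are stacked on the same path, use the last one listed.
    let m = match mounts.iter().rev().find(|m| m.mount_point == new_root) {
        Some(m) => m,
        None => return Precheck::NotMountPoint,
    };
    let parent_shared = mounts.iter().any(|p| p.id == m.parent && p.shared);
    if m.shared || parent_shared { Precheck::SharedPropagation } else { Precheck::Ok }
}

fn main() {
    // Check the path given as the first argument against the live mount table,
    // falling back to the constructed sample where /proc is unavailable.
    let path = std::env::args().nth(1).unwrap_or_else(|| "/srv/rootfs".to_string());
    let info = std::fs::read_to_string("/proc/self/mountinfo")
        .unwrap_or_else(|_| SAMPLE.to_string());
    println!("{}: {:?}", path, precheck_new_root(&info, &path));
}
```

A result of `Ok` only rules out these two conditions; pivot_root can still return EINVAL for the other reasons listed in its manual page.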