After running and then shutting down, ubuntu's /proc is gone

Open erjiguan opened this issue 6 years ago • 12 comments

erjiguan avatar Aug 30 '18 09:08 erjiguan

http://old-releases.ubuntu.com/releases/14.04.0/ubuntu-14.04-desktop-amd64.iso provides an ubuntu with the same kernel version as the author's

AlbinZhang avatar Sep 29 '18 06:09 AlbinZhang

How was this problem solved?

readlnh avatar Mar 26 '19 06:03 readlnh

Turns out systemd is to blame...

readlnh avatar Mar 26 '19 08:03 readlnh

kernel: 5.0.4. After mounting /proc inside the namespace, the host's /proc has to be remounted after exiting. How can this problem be solved?

Sherlock-Holo avatar Mar 29 '19 07:03 Sherlock-Holo

kernel: 5.0.4. After mounting /proc inside the namespace, the host's /proc has to be remounted after exiting. How can this problem be solved?

	// After systemd came to Linux, mount namespaces became shared by default, so you
	// must explicitly declare that you want this new mount namespace to be independent.
	syscall.Mount("", "/", "", syscall.MS_PRIVATE | syscall.MS_REC, "")

	defaultMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
	syscall.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), "")

readlnh avatar Apr 02 '19 00:04 readlnh

@readlnh Nice! If convenient, please submit the adaptation code as a PR to the project, thanks!

BSWANG avatar Apr 02 '19 01:04 BSWANG

@readlnh Nice! If convenient, please submit the adaptation code as a PR to the project, thanks!

I can give it a try, but I don't know which branch to submit it to.

readlnh avatar Apr 13 '19 09:04 readlnh

@readlnh master branch

xianlubird avatar Apr 14 '19 11:04 xianlubird

kernel: 5.0.4. After mounting /proc inside the namespace, the host's /proc has to be remounted after exiting. How can this problem be solved?

	// After systemd came to Linux, mount namespaces became shared by default, so you
	// must explicitly declare that you want this new mount namespace to be independent.
	syscall.Mount("", "/", "", syscall.MS_PRIVATE | syscall.MS_REC, "")

	defaultMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
	syscall.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), "")

Question: does syscall.Mount("", "/", "", syscall.MS_PRIVATE | syscall.MS_REC, "") have the same effect as typing unshare -m on the command line?

dadahua555 avatar Oct 09 '19 01:10 dadahua555

I can't quite get my head around shared subtrees. Does anyone have good material to share?

yudidi avatar Mar 10 '20 06:03 yudidi

Turns out systemd is to blame...

Impressive! What were the steps that led you to find this? It did indeed solve my problem.

I develop on Tencent Cloud CentOS. After every run, not only did I need to remount, but I couldn't even ssh into the machine anymore~~~

After adding syscall.Mount("", "/", "", syscall.MS_PRIVATE | syscall.MS_REC, "") it works fine.

yuanshuli11 avatar Dec 15 '20 14:12 yuanshuli11

Thanks to @readlnh for the answer!

To supplement, here is the full explanation from the official mount documentation:

https://man7.org/linux/man-pages/man7/mount_namespaces.7.html#NOTES

The propagation type assigned to a new mount depends on the propagation type of the parent mount. If the mount has a parent (i.e., it is a non-root mount point) and the propagation type of the parent is MS_SHARED, then the propagation type of the new mount is also MS_SHARED. Otherwise, the propagation type of the new mount is MS_PRIVATE.

Notwithstanding the fact that the default propagation type for new mount is in many cases MS_PRIVATE, MS_SHARED is typically more useful. For this reason, systemd(1) automatically remounts all mounts as MS_SHARED on system startup. Thus, on most modern systems, the default propagation type is in practice MS_SHARED.

Since, when one uses unshare(1) to create a mount namespace, the goal is commonly to provide full isolation of the mounts in the new namespace, unshare(1) (since util-linux version 2.27) in turn reverses the step performed by systemd(1), by making all mounts private in the new namespace. That is, unshare(1) performs the equivalent of the following in the new mount namespace:

mount --make-rprivate /

To prevent this, one can use the --propagation unchanged option to unshare(1).

An application that creates a new mount namespace directly using clone(2) or unshare(2) may desire to prevent propagation of mount events to other mount namespaces (as is done by unshare(1)). This can be done by changing the propagation type of mounts in the new namespace to either MS_SLAVE or MS_PRIVATE, using a call such as the following:

mount(NULL, "/", MS_SLAVE | MS_REC, NULL);

For a discussion of propagation types when moving mounts (MS_MOVE) and creating bind mounts (MS_BIND), see Documentation/filesystems/sharedsubtree.txt.

0x2E avatar Feb 16 '22 09:02 0x2E
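To tie readlnh's fix to the man page excerpt above, here is an added example (not mydocker's own code) in Go: it applies the two mounts with error handling and then reads back /proc/self/mountinfo to confirm that / is no longer MS_SHARED, which is the check that tells you the container's mounts can no longer propagate to the host. The mountinfo sample text is constructed, and IsShared / IsolateAndMountProc are assumed names.

```go
package main
import (
	"fmt"
	"os"
	"strings"
	"syscall"
)
// Constructed mountinfo samples: a systemd host (shared:N present) and the same
// mounts after "mount --make-rprivate /", where the propagation field is absent.
const sampleSharedMountinfo = `28 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
29 28 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw`
const samplePrivateMountinfo = `28 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw
29 28 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw`
// IsShared parses mountinfo text: field 5 is the mount point, optional fields precede "-".
func IsShared(mountinfo, mountPoint string) (bool, error) {
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 7 || f[4] != mountPoint {
			continue
		}
		for _, opt := range f[6:] {
			if opt == "-" {
				break // end of the optional fields
			}
			if strings.HasPrefix(opt, "shared:") {
				return true, nil // mount events propagate to peers, i.e. the host
			}
		}
		return false, nil
	}
	return false, fmt.Errorf("mount point %q not found", mountPoint)
}
// IsolateAndMountProc is readlnh's fix with error checks; run as root right after unshare(CLONE_NEWNS).
func IsolateAndMountProc() error {
	if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
		return fmt.Errorf("make / rprivate: %w", err)
	}
	flags := uintptr(syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV)
	if err := syscall.Mount("proc", "/proc", "proc", flags, ""); err != nil {
		return fmt.Errorf("mount proc: %w", err)
	}
	data, err := os.ReadFile("/proc/self/mountinfo")
	if err != nil {
		return err
	}
	if shared, err := IsShared(string(data), "/"); err != nil || shared {
		return fmt.Errorf("/ not private after fix (shared=%v, err=%v)", shared, err)
	}
	return nil
}
```

Running IsShared against the host's own /proc/self/mountinfo (outside any new namespace) on a systemd system shows the shared:N field the man page describes, which is exactly why the MS_PRIVATE|MS_REC call has to come before mounting proc.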