Linux - understanding the mount namespace and clone CLONE_NEWNS

I read the mount and clone man pages. I want to clarify how CLONE_NEWNS affects the file system representation of a child process.

(File hierarchy)

Let's look at this tree as a directory hierarchy. Let's assume that 5 and 6 are mount points in the parent process. I clarified the mount points in another question.

So, I understand: 5 and 6 are mount points, which means that the command mount was previously used to "mount" file systems (directory hierarchies) to 5 and 6 (this means that there should be directory trees under 5 and 6 as well).

From the mount man page:

 A mount namespace is the set of filesystem mounts that are visible to a process. 

From the clone man page:

Every process lives in a mount namespace.  The namespace of a process is the data 
(the set of mounts) describing the file hierarchy as seen by that process.  After 
a fork(2) or clone() where the CLONE_NEWNS flag is not set, the child lives in the 
same mount namespace as the parent.

Also:

After a clone() where the CLONE_NEWNS flag is set, the cloned child is started in a 
new mount namespace, initialized with a copy of the namespace of the parent.

, clone() CLONE_NEWNS , , (5 6) ? , 5 6 , , 5 6 .

, , / , 5 6, ?

.

+12
2

" " - , . , , , clone().

, , : , , - (, mount), . mount.

. :

, , ?

, , , , , . mount ( , , ).

, , , , ( , t24 > ).

, , clone(), , , , , , (, , mount ).

CLONE_NEWNS clone(), , , . , , , ( mount ).

, CLONE_NEWNS , , (5 6)

. , clone().

, 5 6 , , 5 6 .

. CLONE_NEWNS, 5 , ( ) . , .

, , / , 5 6, ?

. CLONE_NEWNS, , , .

CLONE_NEWNS, , , , , , , . ( , fork().)

+15

, , . .

AFAICU. CLONE_NEWNS, , FS_USERNS_MOUNT. (- ). do_new_mount :

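        /* Mount requested from outside the initial user namespace. */
        if (user_ns != &init_user_ns) {
                /* Only filesystem types flagged FS_USERNS_MOUNT are allowed. */
                if (!(type->fs_flags & FS_USERNS_MOUNT)) {
                        put_filesystem(type);
                        return -EPERM;
                }
                /* ... */
        }
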
, ,

+4
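
The man-page statements quoted in the question, and the FS_USERNS_MOUNT check in the do_new_mount excerpt, can be observed from user space with the C program below, which is an added example and not code from the original page. It pairs CLONE_NEWNS with CLONE_NEWUSER so that it can run unprivileged and mounts tmpfs, a filesystem type that carries FS_USERNS_MOUNT. The name probe_clone, the scratch directory, and the use of /proc/self/ns/mnt and st_dev to detect namespaces and mounts are choices made for this example.

```c
#define _GNU_SOURCE
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWUSER */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static ino_t mnt_ns_id(void) {            /* inode of this link identifies the mount namespace */
    struct stat st;
    return stat("/proc/self/ns/mnt", &st) == 0 ? st.st_ino : 0;
}
static dev_t dev_of(const char *path) {   /* changes when something is mounted over path */
    struct stat st;
    return stat(path, &st) == 0 ? st.st_dev : 0;
}

/* Result bits: 1 = child is in a different mount namespace, 2 = child mounted tmpfs on dir
 * and saw it, 4 = parent's view of dir changed. Returns -1 if clone() was refused. */
int probe_clone(unsigned long ns_flags, const char *dir) {
    ino_t parent_ns = mnt_ns_id();
    dev_t before = dev_of(dir);
    int st;
    /* Raw clone with no new stack behaves like fork(): the child continues from here. */
    pid_t pid = (pid_t)syscall(SYS_clone, ns_flags | SIGCHLD, 0L, 0L, 0L, 0L);
    if (pid == 0) {
        int bits = mnt_ns_id() != parent_ns ? 1 : 0;
        if ((ns_flags & CLONE_NEWNS)
            && mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == 0  /* no propagation back */
            && mount("tmpfs", dir, "tmpfs", 0, NULL) == 0
            && dev_of(dir) != before)
            bits |= 2;
        _exit(bits);
    }
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st) | (dev_of(dir) != before ? 4 : 0);
}

int main(void) {
    char dir[] = "/tmp/mntns-demo-XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir))
        return 1;
    printf("plain clone:               %d\n", probe_clone(0, dir));
    printf("CLONE_NEWUSER|CLONE_NEWNS: %d\n", probe_clone(CLONE_NEWUSER | CLONE_NEWNS, dir));
    return rmdir(dir) != 0;
}
```

Where unprivileged user namespaces are permitted, the second call returns 3: the child was in a new namespace and saw its own tmpfs, while the parent's view of the directory did not change. A result of -1 means the kernel or a sandbox policy refused the clone() flags.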

Source: https://habr.com/ru/post/1606155/

