From d78e141f709eb871b83b855831edffe9581e7e73 Mon Sep 17 00:00:00 2001 From: Jagger Date: Thu, 12 May 2016 22:25:48 +0200 Subject: [PATCH] Use a subprocess to setup unshare mount /proc --- mount.c | 32 +++++++++++++++++++++++++++++++- subproc.c | 2 +- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/mount.c b/mount.c index 6ce9614..1fe466b 100644 --- a/mount.c +++ b/mount.c @@ -23,6 +23,7 @@ #include #include +#include #include #include #include @@ -31,6 +32,7 @@ #include #include #include +#include #include #include "log.h" @@ -128,7 +130,7 @@ static bool mountRemountRO(struct mounts_t *mpt) return true; } -bool mountInitNs(struct nsjconf_t * nsjconf) +static bool mountInitNsInternal(struct nsjconf_t *nsjconf) { if (nsjconf->clone_newns == false) { if (chroot(nsjconf->chroot) == -1) { @@ -205,3 +207,31 @@ bool mountInitNs(struct nsjconf_t * nsjconf) return true; } + +/* + * With mode MODE_STANDALONE_EXECVE it's required to mount /proc inside a new process, + * as the current process is still in the original PID namespace (man pid_namespaces) + */ +bool mountInitNs(struct nsjconf_t * nsjconf) +{ + if (nsjconf->mode != MODE_STANDALONE_EXECVE) { + return mountInitNsInternal(nsjconf); + } + + pid_t pid = + syscall(__NR_clone, (uintptr_t) CLONE_FS | SIGCHLD, NULL, NULL, NULL, (uintptr_t) 0); + if (pid == -1) { + return false; + } + + if (pid == 0) { + exit(mountInitNsInternal(nsjconf) ? 0 : 1); + } + + int status; + while (wait4(pid, &status, 0, NULL) != pid) ; + if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { + return true; + } + return false; +} diff --git a/subproc.c b/subproc.c index 94b4329..57d20e6 100644 --- a/subproc.c +++ b/subproc.c 
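Review bot: The child in the new mountInitNs leaves through `exit(mountInitNsInternal(nsjconf) ? 0 : 1);`, which runs the parent's atexit handlers and flushes the stdio buffers the child inherited; a forked helper should leave with `_exit()`. The reaping loop `while (wait4(pid, &status, 0, NULL) != pid) ;` never terminates if wait4 fails for a reason other than EINTR (ECHILD when SIGCHLD is ignored or the child was already reaped elsewhere), so test for -1 with `errno != EINTR` and fail instead, and report the clone failure too rather than a bare `return false`. The rewrite below spells the error log `LOG_E` — substitute whatever macro log.h actually provides — and needs `<errno.h>` if the first hunk, whose include names were lost on this page, did not already add it. Two caveats deserve a comment above the clone: the raw `syscall(__NR_clone, flags, NULL, NULL, NULL, 0)` argument order is the x86-style layout and differs on some architectures (s390 takes the stack pointer first), and CLONE_FS together with the shared mount namespace is what lets the parent observe the child's mounts and any chroot it performs, so that sharing is intentional rather than accidental.

```c
	if (pid == 0) {
		/* _exit(): never run the parent's atexit handlers or flush its stdio buffers from the child */
		_exit(mountInitNsInternal(nsjconf) ? 0 : 1);
	}

	int status;
	for (;;) {
		pid_t ret = wait4(pid, &status, 0, NULL);
		if (ret == pid) {
			break;
		}
		if (ret == -1 && errno != EINTR) {
			LOG_E("wait4(%d) failed (errno=%d)", (int)pid, errno);
			return false;
		}
	}
	return WIFEXITED(status) && WEXITSTATUS(status) == 0;
```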
@@ -280,7 +280,7 @@ static bool subprocInitParent(struct nsjconf_t *nsjconf, pid_t pid, int pipefd)
 void subprocDummyInit()
 {
- pid_t pid = syscall(__NR_clone, (uintptr_t) 0, NULL, NULL, NULL, (uintptr_t) 0);
+ pid_t pid = syscall(__NR_clone, (uintptr_t) CLONE_FS, NULL, NULL, NULL, (uintptr_t) 0);
 if (pid == -1) {
 LOG_F("Couldn't create a dummy init process");
 }
-- 
2.34.1
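Review bot: The change from `(uintptr_t) 0` to `(uintptr_t) CLONE_FS` on the dummy-init clone is the only functional edit in this hunk and carries no comment, and the commit message speaks only of mounting /proc from a subprocess. Presumably the intent is that the dummy init — which becomes PID 1 of the new PID namespace — shares root directory and cwd with the parent so it follows the chroot/mount setup performed afterwards instead of retaining a reference to the original root, which a sandboxed process could otherwise reach through /proc/1/root once /proc is mounted inside the namespace. Please state that above the call, e.g. `/* CLONE_FS: share root/cwd with the parent so the dummy init follows the later chroot/mount setup and never keeps the original root (exposed via /proc/1/root) */`. The same portability caveat as in mount.c applies: the raw clone argument order used here is the x86-style flags-first layout and is not the same on every architecture.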