process-util: add a new FORK_MOUNTNS_SLAVE flag for safe_fork()

We already have a flag for creating a new mount namespace for the child.
Let's add an extension to that: a new FORK_MOUNTNFS_SLAVE flag. When
used in combination will mark all mounts in the child namespace as
MS_SLAVE so that the child can freely mount or unmount stuff but it
won't leak into the parent.

2 files changed, 12 insertions, 0 deletions

diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 43bad9009..a52f95e76 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -17,6 +17,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
+//#include <sys/mount.h>
 #include <sys/personality.h>
 #include <sys/prctl.h>
 #include <sys/types.h>
@@ -1356,6 +1357,16 @@ int safe_fork_full(
                 }
         }
 
+        if ((flags & (FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE)) == (FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE)) {
+
+                /* Optionally, make sure we never propagate mounts to the host. */
+
+                if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
+                        log_full_errno(prio, errno, "Failed to remount root directory as MS_SLAVE: %m");
+                        _exit(EXIT_FAILURE);
+                }
+        }
+
         if (flags & FORK_CLOSE_ALL_FDS) {
                 /* Close the logs here in case it got reopened above, as close_all_fds() would close them for us */
                 log_close();
diff --git a/src/basic/process-util.h b/src/basic/process-util.h
index a5f749b4e..042f24933 100644
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@@ -181,6 +181,7 @@ typedef enum ForkFlags {
         FORK_LOG           = 1U << 5,
         FORK_WAIT          = 1U << 6,
         FORK_NEW_MOUNTNS   = 1U << 7,
+        FORK_MOUNTNS_SLAVE = 1U << 8,
 } ForkFlags;
 
 int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);