Bug#609427: [PATCH] Bug #609427: Disable bind-mount propagation

Philipp Hahn hahn at univention.de
Fri Jan 26 10:56:34 UTC 2018 

If multiple "pbuilder"s run in parallel using --bindmounts, the first
environment inherits any mounts from the second environment:

$ mount | grep --color /$BUILDTMP

> /proc on /$BUILDTMP/cow.10949/proc type proc
> tmpfs on /$BUILDTMP/cow.10949/run/shm type tmpfs
> /dev/pts on /$BUILDTMP/cow.10949/dev/pts type devpts
> /dev/md0 on /$BUILDTMP/cow.10949/tmp/apt-8804 type ext4
> /dev/md0 on /$BUILDTMP/cow.10949/$BUILDTMP type ext4
This is the first environment (PID=10949).

> /proc on /$BUILDTMP/cow.11327/proc type proc (rw,relatime)
> tmpfs on /$BUILDTMP/cow.11327/run/shm type tmpfs
> /dev/pts on /$BUILDTMP/cow.11327/dev/pts type devpts
> /dev/md0 on /$BUILDTMP/cow.11327/tmp/apt-9148 type ext4
> /dev/md0 on /$BUILDTMP/cow.11327/$BUILDTMP type ext4
This is the second environment (PID=11327), ...

> /proc on /$BUILDTMP/cow.10949/$BUILDTMP/cow.11327/proc type proc
> tmpfs on /$BUILDTMP/cow.10949/$BUILDTMP/cow.11327/run/shm type tmpfs
> /dev/pts on /$BUILDTMP/cow.10949/$BUILDTMP/cow.11327/dev/pts type devpts
> /dev/md0 on /$BUILDTMP/cow.10949/$BUILDTMP/cow.11327/tmp/apt-9148 type ext4
> /dev/md0 on /$BUILDTMP/cow.10949/$BUILDTMP/cow.11327/$BUILDTMP type ext4
..., which also got propagated into the first environment!

This is done by default with "pdebuild --use-pdebuild-internal"!

Use "mount --make-private" on Linux to prevent the propagation of later
mounts into previous environments.

This requires git:util-linux v2.23-rc1~351; Debian-Jessie has 2.25.2-6,
but Wheezy only has 2.20.1-5.3
---
 pbuilder-modules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pbuilder-modules b/pbuilder-modules
index 73e38fe..9c7e0f5 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -453,7 +453,7 @@ function mountproc () {
         mount -t firmlink /servers "$BUILDPLACE/servers" || true
         mounted[${#mounted[@]}]="$BUILDPLACE/servers"
     fi
-    MOUNTPARAMS="-obind"
+    MOUNTPARAMS="-obind --make-private"
     [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ] && MOUNTPARAMS="-t nullfs"
     for mnt in $BINDMOUNTS; do
         mntpoint=${mnt#*:}
-- 
2.11.0

More information about the Pbuilder-maint mailing list