From 318430cbb3b2ceefe51518ecccabbdabb32ffe3b Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Wed, 26 Aug 2020 18:52:10 +0900
Subject: [PATCH] executor/linux: change mount propagation type to private

unshare(CLONE_NEWNS) might not be sufficient for making all test processes run in separate mount namespace, for "mount --make-rshared /" request issued by systemd causes mount operations issued by test processes visible from outside of test processes. Issue "mount --make-rprivate /" request after unshare(CLONE_NEWNS).
---
 executor/common_linux.h | 3 +++
 pkg/csource/generated.go | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/executor/common_linux.h b/executor/common_linux.h
index deb0487f..43da7be1 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -3318,6 +3318,9 @@ static void sandbox_common()
 if (unshare(CLONE_NEWNS)) {
 debug("unshare(CLONE_NEWNS): %d\n", errno);
 }
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
+ debug("mount(\"/\", MS_REC | MS_PRIVATE): %d\n", errno);
+ }
 if (unshare(CLONE_NEWIPC)) {
 debug("unshare(CLONE_NEWIPC): %d\n", errno);
 }
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index b5dc79b5..077355ad 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -7576,6 +7576,9 @@ static void sandbox_common()
 if (unshare(CLONE_NEWNS)) {
 debug("unshare(CLONE_NEWNS): %d\n", errno);
 }
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
+ debug("mount(\"/\", MS_REC | MS_PRIVATE): %d\n", errno);
+ }
 if (unshare(CLONE_NEWIPC)) {
 debug("unshare(CLONE_NEWIPC): %d\n", errno);
 }
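Review bot: The added mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) call in sandbox_common runs even when the preceding unshare(CLONE_NEWNS) failed, so on that path it changes the propagation of "/" in the mount namespace the executor still shares with its parent instead of in a freshly private one. Because the unshare failure is only logged, chaining the two calls keeps the remount confined to the new namespace: replace the separate `if` with `} else if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {`. A failed MS_PRIVATE remount likewise reaches only debug(), which means test-process mounts may stay visible outside the sandbox on that path; a comment next to the call such as `// An rshared "/" (as set up by systemd) would otherwise propagate test mounts outside the namespace` would record why the call is needed. The same lines appear in the pkg/csource/generated.go hunk, which is a generated copy of this header and carries the same issue; sandbox_common starts before this hunk and continues after it.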