I'm trying to make a sandboxed environment using Linux namespaces. I've found a neat example at https://github.com/swetland/mkbox that roughly does what I want, but I'd like a credible /proc to appear inside the sandbox. How can I do that?
I tried bind mounting the proc FS on "proc", but that fails with EINVAL. When I try to mount "proc" normally, it yields EPERM.
Ideas?
A local guru figured this out for me: the proc must use the (undocumented?) MS_REC flag, like so:
ok(mount, "/proc", "proc", NULL, MS_REC|MS_BIND, NULL);
The bind mount only does something useful if CLONE_PIDNS is not set, obviously.
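Added example, not code from the thread or from mkbox: a small C program that shows both cases the answer distinguishes. Without a new PID namespace, the recursive bind mount of the host's /proc (MS_REC|MS_BIND) is the only thing that works; with a new PID namespace, a fresh procfs instance has to be mounted instead, which needs CAP_SYS_ADMIN in the user namespace owning the mount namespace, hence the EPERM seen when mounting "proc" as an ordinary user. The program therefore enters a new user namespace first, then PID and mount namespaces, mounts a fresh /proc and counts how many processes the sandboxed child can see (it should see only itself). The function names are my own; nothing here is an mkbox API.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <dirent.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count numeric entries (one per visible process) under a proc mount.
   Returns -1 if the directory cannot be opened. */
int count_visible_pids(const char *procdir)
{
    DIR *d = opendir(procdir);
    if (d == NULL)
        return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL)
        if (isdigit((unsigned char)e->d_name[0]))
            n++;
    closedir(d);
    return n;
}

/* Mount a /proc for the sandbox at `target` (hypothetical helper).
   Inside a new PID namespace a fresh procfs instance must be mounted so
   that it lists only the sandbox's processes; a bind mount of the host's
   /proc would expose the host's whole process table. Without a new PID
   namespace, a recursive bind mount (MS_REC|MS_BIND) of the host's /proc
   is the only option, as the answer above says. */
int mount_proc_for_sandbox(const char *target, int new_pidns)
{
    if (new_pidns)
        return mount("proc", target, "proc",
                     MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL);
    return mount("/proc", target, NULL, MS_REC | MS_BIND, NULL);
}

/* Write one line to a file such as /proc/self/uid_map. */
static int write_file(const char *path, const char *line)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t len = (ssize_t)strlen(line);
    int ok = write(fd, line, len) == len;
    close(fd);
    return ok ? 0 : -1;
}

/* Enter new user, PID and mount namespaces, mount a fresh procfs over
   /proc and return how many PIDs the sandboxed child sees (expected: 1,
   itself). Returns -1 if the kernel or the environment refuses the
   namespaces, e.g. unprivileged user namespaces disabled. */
int sandboxed_proc_pid_count(void)
{
    char line[64];

    if (unshare(CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) != 0)
        return -1;
    /* Map ourselves to uid/gid 0 inside the new user namespace so that
       mount() is permitted there; setgroups must be denied before an
       unprivileged process may write gid_map. */
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)getuid());
    if (write_file("/proc/self/uid_map", line) != 0)
        return -1;
    write_file("/proc/self/setgroups", "deny\n");
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)getgid());
    if (write_file("/proc/self/gid_map", line) != 0)
        return -1;

    pid_t pid = fork();            /* child becomes PID 1 of the new PID ns */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Keep mount events from propagating to the host, then replace the
           inherited /proc view with one that belongs to this PID namespace. */
        if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0 ||
            mount_proc_for_sandbox("/proc", 1) != 0)
            _exit(255);
        int n = count_visible_pids("/proc");
        _exit(n < 0 ? 255 : n);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("host /proc lists %d processes\n", count_visible_pids("/proc"));
    printf("sandboxed /proc lists %d processes\n", sandboxed_proc_pid_count());
    return 0;
}
```

Run it as an unprivileged user on a kernel that allows unprivileged user namespaces; the sandboxed count should be 1 while the host count is the full process table, which is exactly the difference between a "credible" /proc and a bind-mounted copy of the host's. If the second line prints -1, the environment refused the namespaces or the fresh proc mount (container runtimes that mask parts of /proc make the kernel reject a new procfs mount in a user namespace), and the bind-mount fallback is the only remaining choice.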