Let's consider this example:
int fsfd, mntfd, nsfd, nsdirfd;
nsfd = open("/proc/self/ns/pid", O_PATH);
nsdirfd = open("/proc/1/ns", O_DIRECTORY);
fsfd = fsopen("proc", FSOPEN_CLOEXEC);
/* "pidns" changes the value each time. */
fsconfig(fsfd, FSCONFIG_SET_PATH, "pidns", "/proc/self/ns/pid", AT_FDCWD);
fsconfig(fsfd, FSCONFIG_SET_PATH, "pidns", "pid", NULL, nsdirfd);
fsconfig(fsfd, FSCONFIG_SET_PATH_EMPTY, "pidns", "", nsfd);
fsconfig(fsfd, FSCONFIG_SET_FD, "pidns", NULL, nsfd);
fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
mntfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
move_mount(mntfd, "", AT_FDCWD, "/proc", MOVE_MOUNT_F_EMPTY_PATH);
I don't like it. /proc/self/ns/pid is our namespace, which is default anyway.
I. e. setting pidns to /proc/self/ns/pid is no-op (assuming that "pidns" option is implemented in our kernel, of course).
Moreover, if /proc is mounted properly, then /proc/1/ns/pid refers to our namespace, too!
Thus, *all* these fsconfig(FSCONFIG_SET_...) calls are no-op.
Thus it is bad example.
I suggest using, say, /proc/2/ns/pid . It has actual chance to refer to some other namespace.
Also, sentence '"pidns" changes the value each time' is a lie: as I explained, all these calls are no-ops,
they don't really change anything.
--
Askar Safin
https://types.pl/@safinaskar
