1. Change the root file system to /dev/hda1 from an interactive shell:
    3. mount /dev/hda1 /new-root
    4. cd /new-root
    5. pivot_root . old-root
    6. exec chroot . sh <dev/console >dev/console 2>&1
    7. umount /old-root

    因此执行pivot_root时,内部执行逻辑是:

    1. 第一步,把当前的rootfs mount到一个目录(比如old-root)
    2. 第二部,把进程的rootfs设置为新的

    所以需要在pivot_root之后,umount old-root。

    1. // pivotRoot will call pivot_root such that rootfs becomes the new root
    2. // filesystem, and everything else is cleaned up.
    3. func pivotRoot(rootfs string) error {
    4.     // While the documentation may claim otherwise, pivot_root(".", ".") is
    5.     // actually valid. What this results in is / being the new root but
    6.     // /proc/self/cwd being the old root. Since we can play around with the cwd
    7.     // with pivot_root this allows us to pivot without creating directories in
    8.     // the rootfs. Shout-outs to the LXC developers for giving us this idea.
    10.     oldroot, err := unix.Open("/", unix.O_DIRECTORY|unix.O_RDONLY, 0)
    11.     if err != nil {
    12.         return err
    13.     }
    14.     defer unix.Close(oldroot) //nolint: errcheck
    16.     newroot, err := unix.Open(rootfs, unix.O_DIRECTORY|unix.O_RDONLY, 0)
    17.     if err != nil {
    18.         return err
    19.     }
    20.     defer unix.Close(newroot) //nolint: errcheck
    22.     // Change to the new root so that the pivot_root actually acts on it.
    23.     if err := unix.Fchdir(newroot); err != nil {
    24.         return err
    25.     }
    27.     // "/" being the new root , /proc/self/cwd being the old root
    28.     // https://unix.stackexchange.com/questions/571823/strange-behaviour-of-pivot-root-in-mount-namespace
    29.     // You can call pivot_root(".", ".") which avoids the need for a directory to put the old root into. 
    30.     if err := unix.PivotRoot(".", "."); err != nil {
    31.         return fmt.Errorf("pivot_root %s", err)
    32.     }
    34.     // Currently our "." is oldroot (according to the current kernel code).
    35.     // However, purely for safety, we will fchdir(oldroot) since there isn't
    36.     // really any guarantee from the kernel what /proc/self/cwd will be after a
    37.     // pivot_root(2).
    39.     if err := unix.Fchdir(oldroot); err != nil {
    40.         return err
    41.     }
    43.     // Make oldroot rslave to make sure our unmounts don't propagate to the
    44.     // host (and thus bork the machine). We don't use rprivate because this is
    45.     // known to cause issues due to races where we still have a reference to a
    46.     // mount while a process in the host namespace are trying to operate on
    47.     // something they think has no mounts (devicemapper in particular).
    48.     // 修改oldroot的mount属性
    49.     if err := unix.Mount("", ".", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil {
    50.         return err
    51.     }
    53.     // Preform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd.
    54.     if err := unix.Unmount(".", unix.MNT_DETACH); err != nil {
    55.         return err
    56.     }
    58.     // Switch back to our shiny new root.
    59.     if err := unix.Chdir("/"); err != nil {
    60.         return fmt.Errorf("chdir / %s", err)
    61.     }
    62.     return nil
    63. }