unmount container mounts in container mnt ns

Otherwise we are in init process mnt ns and have no idea of
what is mounted by containers.

Signed-off-by: Peng Tao <[email protected]>

Author: bergwolf

src/container.c

@@ -789,15 +789,52 @@ struct hyper_container *hyper_find_container(struct hyper_pod *pod, const char *
 	return NULL;
 }
 
-void hyper_cleanup_container(struct hyper_container *c, struct hyper_pod *pod)
+static void hyper_cleanup_container_mounts(struct hyper_container *container, struct hyper_pod *pod)
 {
-	char root[512];
+	int pid, pipe[2] = {-1, -1};
 
-	sprintf(root, "/tmp/hyper/%s/devpts/", c->id);
-	if (umount(root) < 0 && umount2(root, MNT_DETACH))
-		perror("umount devpts failed");
+	if (pipe2(pipe, O_CLOEXEC) < 0) {
+		perror("create pipe for unmount failed");
+		return;
+	}
+
+	pid = fork();
+	if (pid < 0) {
+		perror("fork unmount process failed");
+		goto out;
+	} else if (pid == 0) {
+		if (hyper_enter_sandbox(pod, -1) < 0) {
+			hyper_send_type(pipe[1], -1);
+			_exit(-1);
+		}
+		if (setns(container->ns, CLONE_NEWNS) < 0) {
+			perror("fail to enter container ns");
+			hyper_send_type(pipe[1], -1);
+			_exit(-1);
+		}
+		hyper_unmount_all();
+		hyper_send_type(pipe[1], 0);
+		_exit(0);
+	}
+	hyper_get_type(pipe[0], (uint32_t *)&pid);
 
+out:
+	close(pipe[0]);
+	close(pipe[1]);
+}
+
+void hyper_cleanup_container(struct hyper_container *c, struct hyper_pod *pod)
+{
+	hyper_cleanup_container_mounts(c, pod);
 	close(c->ns);
 	hyper_cleanup_container_portmapping(c, pod);
 	hyper_free_container(c);
 }
+
+void hyper_cleanup_mounts(struct hyper_pod *pod)
+{
+	struct hyper_container *c;
+
+	list_for_each_entry(c, &pod->containers, list)
+		hyper_cleanup_container_mounts(c, pod);
+}

src/container.h

@@ -58,6 +58,7 @@ struct hyper_pod;
 int hyper_setup_container(struct hyper_container *container, struct hyper_pod *pod);
 struct hyper_container *hyper_find_container(struct hyper_pod *pod, const char *id);
 void hyper_cleanup_container(struct hyper_container *container, struct hyper_pod *pod);
+void hyper_cleanup_mounts(struct hyper_pod *pod);
 void hyper_free_container(struct hyper_container *c);
 
 static inline int hyper_has_container(struct hyper_pod *pod, const char *id) {

src/exec.c

@@ -715,7 +715,7 @@ static int hyper_release_exec(struct hyper_exec *exec)
 
 		if (--exec->pod->remains == 0 && exec->pod->req_destroy) {
 			/* shutdown vm manually, hyper doesn't care the pod finished codes */
-			hyper_pod_destroyed(0);
+			hyper_pod_destroyed(exec->pod, 0);
 		}
 
 		return 0;

src/hyper.h

@@ -84,7 +84,7 @@ static inline int hyper_create(char *hyper_path)
 }
 
 int hyper_enter_sandbox(struct hyper_pod *pod, int pidpipe);
-void hyper_pod_destroyed(int failed);
+void hyper_pod_destroyed(struct hyper_pod *pod, int failed);
 int hyper_ctl_append_msg(struct hyper_event *he, uint32_t type, uint8_t *data, uint32_t len);
 
 extern struct hyper_epoll hyper_epoll;

src/init.c

@@ -560,8 +560,9 @@ static void hyper_flush_channel()
 	hyper_send_data_block(hyper_epoll.tty.fd, tty_buf->data, tty_buf->get);
 }
 
-void hyper_pod_destroyed(int failed)
+void hyper_pod_destroyed(struct hyper_pod *pod, int failed)
 {
+	hyper_cleanup_mounts(pod);
 	hyper_ctl_append_msg(&hyper_epoll.ctl, failed?ERROR:ACK, NULL, 0);
 	// Todo: this doesn't make sure peer receives the data
 	hyper_flush_channel();
@@ -574,7 +575,7 @@ static int hyper_destroy_pod(struct hyper_pod *pod, int error)
 {
 	if (pod->init_pid == 0 || pod->remains == 0) {
 		/* Pod stopped, just shutdown */
-		hyper_pod_destroyed(error);
+		hyper_pod_destroyed(pod, error);
 	} else {
 		/* Kill pod */
 		hyper_term_all(pod);

src/util.c

@@ -746,7 +746,7 @@ int hyper_setfd_nonblock(int fd)
 	return flags;
 }
 
-static void hyper_unmount_all(void)
+void hyper_unmount_all(void)
 {
 	FILE *mtab;
 	struct mntent *mnt;

src/util.h

@@ -36,6 +36,7 @@ int hyper_setfd_cloexec(int fd);
 int hyper_setfd_block(int fd);
 int hyper_setfd_nonblock(int fd);
 void hyper_shutdown();
+void hyper_unmount_all(void);
 int hyper_insmod(char *module);
 bool hyper_name_to_id(const char *name, unsigned long *val);
 struct passwd *hyper_getpwnam(const char *name);