mountinfo: linux: use /proc/thread-self/mountinfo

In a Go program with many threads, which goroutine is running on the thread-group leader thread is not something programs can controls. Thus, even if you use runtime.LockOSThread() for threads that have different mount namespaces, it's possible that /proc/self will refer to the "wrong" thread. The solution is to simply use /proc/thread-self, which will always provide the correct result for the calling thread. The usage of /proc/self/mountinfo caused isuses for a patch to runc which creates a thread to create id-mapped mounts (which requires joining the container mount namespace). Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
moby · Aug 24, 2023 · da2df1c · da2df1c
1 parent eac9a7f
commit da2df1c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/mountinfo/mountinfo_linux.go b/mountinfo/mountinfo_linux.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"runtime"
 	"strconv"
 	"strings"
 )
@@ -128,7 +129,13 @@ func GetMountsFromReader(r io.Reader, filter FilterFunc) ([]*Info, error) {
 }
 
 func parseMountTable(filter FilterFunc) ([]*Info, error) {
-	f, err := os.Open("/proc/self/mountinfo")
+	// We need to lock ourselves to the current OS thread in order to make sure
+	// that the thread referenced by /proc/thread-self stays alive until we
+	// finish parsing the file.
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	f, err := os.Open("/proc/thread-self/mountinfo")
 	if err != nil {
 		return nil, err
 	}