tarou.c

#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/apparmor.h>
#include <sched.h>
#include <sys/mount.h>
#include <fcntl.h>

int main()
{
  char *const cmd[] = {"/bin/bash", NULL};
  int rc;

  rc = unshare(CLONE_NEWPID|CLONE_NEWNS);
  if (rc < 0) {
    perror("unshare failed\n");
    return -1;
  }

  if (mount("none", "/", NULL, MS_PRIVATE, NULL) == -1) {
    perror("mount failed");
    return -1;
  }

  if (mount("/var/lib/haconiwa/ubuntu", "/var/lib/haconiwa/ubuntu", "bind", MS_BIND | MS_REC, NULL) == -1) {
    printf("mount failed\n");
    return -1;
  }

  int oldroot = open("/", O_DIRECTORY | O_RDONLY);
  if (oldroot < 0) {
    perror("failed to open oldroot");
    return -1;
  }
  int newroot = open("/var/lib/haconiwa/ubuntu", O_DIRECTORY | O_RDONLY);
  if (newroot < 0) {
    perror("failed to open newroot ");
    return -1;
  }

  rc = fchdir(newroot);
  if (rc < 0) {
    perror("fchdir faild\n");
    return -1;
  }

  rc = aa_change_onexec("haconiwa-test");
  if (rc < 0) {
    perror("failed to aa_change_onexec");
    return -1;
  }

  // rc = pivot_root("/var/lib/haconiwa/ubuntu", "/var/lib/haconiwa/ubuntu");
  rc = pivot_root(".", ".");
  if (rc < 0) {
    perror("pivot_root failed\n");
    return -1;
  }

  rc = fchdir(oldroot);
  if (rc < 0) {
    perror("old dir fchdir faild\n");
    return -1;
  }

  pid_t pid = fork();

  if (pid == 0) {
    if (mount("/proc", "/proc", "proc", NULL, NULL) == -1) {
      printf("proc mount failed\n");
      return -1;
    }
    execv("/bin/bash", cmd);
  }

  printf("waiting...\n");
  waitpid(pid, 0, 0);
  printf("exited\n");
  return 0;
}