net: mount sysfs in a new mount name-space

The current scheme is racy. It use open_detache_mount in a current
name-space. If a mount namespace is created by someone else between
mount and umount(detach) in open_detache_mount, the mount will be
propagated in the new mntns, then it is detached in a current ns and
rmdir fails, because it's still mounted in athother mntns.

This patch creates a new mount namespace for mounting sysfs.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

net.c

@@ -434,6 +434,20 @@ static int mount_ns_sysfs(void)
 
 	BUG_ON(ns_sysfs_fd != -1);
 
+	/*
+	 * A new mntns is required to avoid the race between
+	 * open_detach_mount and creating mntns.
+	 */
+	if (unshare(CLONE_NEWNS)) {
+		pr_perror("Can't create new mount namespace");
+		return -1;
+	}
+
+	if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL)) {
+		pr_perror("Can't mark the root mount as private");
+		return -1;
+	}
+
 	if (mkdtemp(sys_mount) == NULL) {
 		pr_perror("mkdtemp failed %s", sys_mount);
 		return -1;