os/exec: doing a chroot when unsharing the namespace breaks unsharing on some distros

[rminnich]

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go tip of tree, 31c96f, although the problem will occur on any go version that
supports Chroot and Unshare in the Linux Sysprocattr.

What operating system and processor architecture are you using (go env)?

linux/amd64

What did you do?

package main

import (
"fmt"
"os"
"os/exec"
"syscall"
)

func main() {
if len(os.Args) == 1 {
cmd := exec.Command(os.Args[0], "a")
cmd.SysProcAttr = &syscall.SysProcAttr{Chroot: "/tmp", Unshareflags: syscall.CLONE_NEWNS}
o, err := cmd.CombinedOutput()
fmt.Printf("%v, %v\n", o, err)
}
}

rminnich@akaros:/projects/u-root/go1.6dynamic/src$ go build x.go
rminnich@akaros:/projects/u-root/go1.6dynamic/src$ sudo ./x
[sudo] password for rminnich:
[], fork/exec ./x: invalid argument

What did you expect to see?

The process should run correctly.

What did you see instead?

The process fails, as the unshare is done after the Chroot.

This problem is a consequence of a bug fix I put in earlier, d8ed44, to resolve unsharing namespaces on systems running systemd. It cropped up when I was using the u-root implementation of unshare.