In the netns_switch() function, the original code attempts to unmount the /sys filesystem and mount it again when switching network namespaces. This has been causing issues with the filesystems mounted beneath /sys, particularly /sys/fs/cgroup, which are not being mounted within network namespaces created by ip-netns(8).
To resolve this issue, I have removed the calls to umount2() and mount() related to the /sys filesystem in the function. This change ensures that the /sys hierarchy remains intact within network namespaces, and the reported bug should be resolved. Here is the updated function, which no longer unmounts and mounts /sys:
int netns_switch(char *name)
{
	char net_path[PATH_MAX];
	int netns;
	/* Open the named namespace file under NETNS_RUN_DIR */
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY | O_CLOEXEC);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
			name, strerror(errno));
		return -1;
	}

	/* Join the network namespace */
	if (setns(netns, CLONE_NEWNET) < 0) {
		fprintf(stderr, "setting the network namespace \"%s\" failed: %s\n",
			name, strerror(errno));
		close(netns);
		return -1;
	}
	close(netns);

	/* Take a private mount namespace; /sys is left mounted as it was */
	if (unshare(CLONE_NEWNS) < 0) {
		fprintf(stderr, "unshare failed: %s\n", strerror(errno));
		return -1;
	}
	/* Don't let any mounts propagate back to the parent */
	if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
		fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
			strerror(errno));
		return -1;
	}

	/* Setup bind mounts for config files in /etc */
	bind_etc(name);
	return 0;
}
This modification should address the bug and maintain the proper mounting of filesystems under /sys within network namespaces.
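A check for the behaviour described above, as an added example that is not part of the original post or of iproute2: it counts the mount points beneath /sys in mountinfo text, so it can be run inside a namespace (for instance via ip netns exec) to confirm that /sys/fs/cgroup and its siblings are still present. The function names and the sample mountinfo lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mountinfo samples (not captured from a real host). */
static const char SAMPLE_INTACT[] =
	"22 28 0:21 / /sys rw,nosuid,nodev,noexec shared:7 - sysfs sysfs rw\n"
	"30 22 0:26 / /sys/fs/cgroup rw,nosuid,nodev shared:9 - cgroup2 cgroup2 rw\n"
	"31 22 0:27 / /sys/fs/pstore rw,nosuid,nodev shared:10 - pstore pstore rw\n";
static const char SAMPLE_FRESH_SYSFS[] =
	"95 80 0:52 / /sys rw,relatime - sysfs none rw\n";

/* Count mount points strictly beneath dir in mountinfo text. Field 5 of each
 * line is the mount point; "/sys" itself and "/sysroot" do not count. */
int submounts_in_text(const char *text, const char *dir)
{
	size_t dlen = strlen(dir);
	int count = 0;
	char mnt[4096];

	while (text && *text) {
		if (sscanf(text, "%*d %*d %*s %*s %4095s", mnt) == 1 &&
		    strncmp(mnt, dir, dlen) == 0 && mnt[dlen] == '/')
			count++;
		text = strchr(text, '\n');	/* advance to the next line */
		if (text)
			text++;
	}
	return count;
}

/* Same count for the calling process; -1 if /proc is unavailable. */
int live_submounts(const char *dir)
{
	static char buf[1 << 16];	/* assumed large enough for the table */
	FILE *f = fopen("/proc/self/mountinfo", "r");
	size_t n;

	if (!f)
		return -1;
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return submounts_in_text(buf, dir);
}

int main(void)
{
	printf("intact=%d fresh=%d live=%d\n", submounts_in_text(SAMPLE_INTACT, "/sys"),
	       submounts_in_text(SAMPLE_FRESH_SYSFS, "/sys"), live_submounts("/sys"));
	return 0;
}
```

A count of 0 for /sys inside the namespace, while the host reports a non-zero count, indicates that /sys was replaced by a fresh sysfs mount without its submounts.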