During the review of the new
cifs-mount-control we noticed that the path
/run/mount/utab needs to be written to. This is a problem because we share that file with the initial mount namespace. The file is used by libmount to record some userspace-only facts about existing mounts.
What is apparent if you look at that file is that it is not namespace aware. I had a quick look at what happens in LXC/LXD and you can see that a vanilla tmpfs is mounted over all of /run so that the file is not clashing there.
In our case the file is even more tricky as (in an ideal world) it would show all the mounted things that apply from the initial namespace as well as the things that are mounted on the inside of the snap. Obviously the host is free to mutate the file (as a result of mount operations) and such updates should be reflected on the inside.
One possible (low-tech) solution would involve snap-confine making a copy of that file on snap startup, hiding the original and snapd observing the original file (e.g. inotify of fanotify) and on each transaction on that file, lock it in a way compatible with libmount, take a snapshot, compute the changes and apply them to the inside of each mount namespace.
I’m investigating libmount in more detail to see how it is being used and what would happen if we have an imperfect solution.