Re: Orphan filesystems after mount namespace destruction and tmpfs "leak"

Next message: Damien Dejean: "[PATCH v5 4/4] net: phy: realtek: add RTL8224 polarity support"
Previous message: Damien Dejean: "[PATCH v5 3/4] dt-bindings: net: ethernet-phy: add property enet-phy-lane-polarity"
In reply to: Kiryl Shutsemau: "Re: Orphan filesystems after mount namespace destruction and tmpfs &quot;leak&quot;"
Next in thread: Christian Brauner: "Re: Orphan filesystems after mount namespace destruction and tmpfs &quot;leak&quot;"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Askar Safin

Date: Mon Feb 02 2026 - 15:06:31 EST

Kiryl Shutsemau <kas@xxxxxxxxxx>:
> Hi,

I think I know how to fix the problem.

The problem is in your container manager. It seems that the container
manager doesn't unmount filesystems or unmounts them with MNT_DETACH
(i. e. lazy).

What you should do is to make your container manager actually iterate
over all filesystems and unmount them without MNT_DETACH.

Of course, this will not work in your scenario. "umount" call will fail.
But at very least you will actually get failing syscall. I. e. you will
get fail instead of silent leak.

You may go further: if umount on tmpfs fails, then simply go and remove
all files in that tmpfs. And then unmount it using MNT_DETACH.

In fact, this will not remove all files. This process will remove all files
it can remove. I. e. exactly what you need! I. e. it will remove whole
47 GiB of data and just keep 4k, which are actually busy.

Feel free to ask me any questions.

--
Askar Safin