-rw-r--r--src/runner/container/ns.rs19
-rw-r--r--src/runner/container/tar.rs5
2 files changed, 18 insertions, 6 deletions
diff --git a/src/runner/container/ns.rs b/src/runner/container/ns.rs
index 1001dc0..4143ea9 100644
--- a/src/runner/container/ns.rs
+++ b/src/runner/container/ns.rs
@@ -1,10 +1,10 @@
use nix::{
- mount::{self, MsFlags},
+ mount::{self, MntFlags, MsFlags},
sched::CloneFlags,
- unistd::{Gid, Pid, Uid},
+ unistd::{self, Gid, Pid, Uid},
};
-use crate::util::clone;
+use crate::util::{clone, error::*};
pub fn mount_proc() {
mount::mount::<_, _, _, str>(Some("proc"), "/proc", Some("proc"), MsFlags::empty(), None)
@@ -38,3 +38,16 @@ where
f(arg)
})
}
+
+pub fn pivot_root(path: &str) {
+ (|| -> Result<()> {
+ unistd::chdir(path).context("chdir()")?;
+ mount::mount::<_, _, str, str>(Some("/proc"), "proc", None, MsFlags::MS_BIND, None)
+ .context("Failed to bind mount /proc")?;
+ unistd::pivot_root(".", ".").context("pivot_root()")?;
+ mount::umount2(".", MntFlags::MNT_DETACH).context("umount2()")?;
+ unistd::chdir("/").context("chdir(\"/\")")?;
+ Ok(())
+ })()
+ .expect("Failed to pivot root");
+}
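Review bot: `pivot_root` builds a `Result` in its closure and then panics on it with `.expect("Failed to pivot root")`, whereas its caller `pack` in tar.rs returns `Result<()>` and propagated the old `chroot()`/`chdir()` failures with `?`. Declaring it `pub fn pivot_root(path: &str) -> Result<()>` and calling `ns::pivot_root(paths::ROOTFS_DIR)?;` would keep a failed root switch on the caller's error path. If panicking is this module's convention (the body of `mount_proc` is not visible here), a comment saying so would be enough. The function also deserves a doc comment listing what it assumes: pivot_root(2) requires `path` to be a mount point, and the `MS_BIND` of `/proc` carries over whichever procfs instance is mounted there at call time, so callers presumably need one mounted inside the new PID namespace rather than the host's.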
diff --git a/src/runner/container/tar.rs b/src/runner/container/tar.rs
index 5800aa0..a0bbd3c 100644
--- a/src/runner/container/tar.rs
+++ b/src/runner/container/tar.rs
@@ -10,7 +10,6 @@ use nix::{
mount::{self, MsFlags},
sched::CloneFlags,
sys::wait,
- unistd,
};
use crate::{
@@ -34,8 +33,7 @@ pub fn pack<W: Write, P: AsRef<Path>>(archive: &mut W, source: P) -> Result<()>
None,
)?;
- unistd::chroot(paths::ROOTFS_DIR).context("chroot()")?;
- unistd::chdir(paths::abs(paths::TASK_BUILDDIR).as_str()).context("chdir()")?;
+ ns::pivot_root(paths::ROOTFS_DIR);
let err = Command::new("tar")
.args(&[
@@ -49,6 +47,7 @@ pub fn pack<W: Write, P: AsRef<Path>>(archive: &mut W, source: P) -> Result<()>
])
.stdin(Stdio::null())
.stdout(stdout)
+ .current_dir(paths::TASK_BUILDDIR)
.env_clear()
.env("PATH", "/usr/sbin:/usr/bin:/sbin:/bin")
.exec();
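Review bot: `.current_dir(paths::TASK_BUILDDIR)` passes the constant as-is, while the removed `chdir` wrapped it in `paths::abs(...)`, which suggests the constant is a relative path. If so, it resolves inside the new root only because `ns::pivot_root` ends with `chdir("/")`. Writing `.current_dir(paths::abs(paths::TASK_BUILDDIR))` would remove that hidden dependency on the helper's final working directory. The builder chain starts outside this hunk.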