automatic garbage collection of stuff mounted (etc.) by jailed root

[Mateusz Guzik]

Hello,

This is something that imho could be done by GSoC student.

It is possible to allow jailed root to mount various filesystems. But
once all processes are dead, mounts done by jailed root that he didn't
clean up are still hanging around.

As time passes and more stuff gets jailable we should expect problems
like this in different subsystems.

So I propose that someone(tm) implements a solution which cleans this
stuff during jail destruction.

One idea how to do it: implement a list with clean up operations. Using
mount example: you add a filesystem to be cleaned up after it is
mounted, you delete it after it is unmounted. When the jail is going to
die you just traverse the list backwareds and call cleaning functions,
in this case unmounting filesystems. Maybe this is is a bad idea in the
first place and it is better to take a look at mount tree and traverse
that, I don't know, you should investigate. :) Note that the code has to
be robust in case of errors (e.g. given fs may not be unmountable
because someone from prison0 is inside).

Again, the goal is to have jails clean up automatically after anything
jailed root was permitted to do.

Thoughts?
-- 
Mateusz Guzik <mjguzik gmail.com>