Disable private mounts in chroot'ed operation in the unshare plugin

mount("/", "/", NULL, MS_REC | MS_PRIVATE, NULL) inside a chroot
fails with EINVAL. Apparently this is because "/" inside the chroot
is not (necessarily) an actual mount point and ... then it starts
getting more complicated. It should be possible to handle but
not something we want to attempt just before a release candidate.

Related: rpm-software-management#3187

docs/man/rpm-plugin-unshare.8.md

@@ -27,6 +27,10 @@ This plugin implements the following configurables:
     execution. Typical examples would be `/tmp` to protect against
     insecure temporary file usage inside scriptlets, and `/home` to
     prevent scriptlets from accessing user home directories.
+    When path unsharing is enabled, any mounts made from scriptlets
+    are also private to the scriptlet.
+
+    Private mounts in chroot-operations is unimplemented.
 
 `%__transaction_unshare_nonet`
 

plugins/unshare.c

@@ -19,8 +19,15 @@ static rpmRC unshare_init(rpmPlugin plugin, rpmts ts)
 {
     char *paths = rpmExpand("%{?__transaction_unshare_paths}", NULL);
     private_mounts = argvSplitString(paths, ":", ARGV_SKIPEMPTY);
-    if (private_mounts)
-	unshare_flags |= CLONE_NEWNS;
+    if (private_mounts) {
+	/* Remounting "/" inside chroot fails with EINVAL */
+	if (strcmp(rpmtsRootDir(ts), "/")) {
+	    rpmlog(RPMLOG_WARNING,
+			"private mounts in chroot not implemented\n");
+	} else {
+	    unshare_flags |= CLONE_NEWNS;
+	}
+    }
     free(paths);
 
     if (rpmExpandNumeric("%{?__transaction_unshare_nonet}"))
@@ -47,7 +54,7 @@ static rpmRC unshare_scriptlet_fork_post(rpmPlugin plugin,
 	goto exit;
     }
 
-    if (private_mounts) {
+    if (unshare_flags & CLONE_NEWNS) {
 	if (mount("/", "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
 	    rpmlog(RPMLOG_ERR, _("failed to mount private %s: %s\n"),
 		    "/", strerror(errno));