Use pivot_root(2) instead of chroot(2)
This change calls pivot_root(2) instead of chroot(2) to enter the
container. This prevents the container from accidentally grabbing
references to undesired mounts in the init namespace.
BUG=b:65450844
BUG=chromium:849455
TEST=fizz tryjob
Change-Id: I6e79016c142e2c773fe13616c0eb1e89082b9cf0
Reviewed-on: https://chromium-review.googlesource.com/1087680
Commit-Ready: Luis Hector Chavez <lhchavez@chromium.org>
Tested-by: Luis Hector Chavez <lhchavez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
1 file changed