From 9f8d4e10221db983d8cd9944caf2807b2fa6dbed Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Tue, 4 Jun 2019 21:21:27 -0700
Subject: [PATCH] Properly isolate mount namespace

---
 native/jni/su/su_daemon.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/native/jni/su/su_daemon.cpp b/native/jni/su/su_daemon.cpp
index d9f022e4d..1cb6298d4 100644
--- a/native/jni/su/su_daemon.cpp
+++ b/native/jni/su/su_daemon.cpp
@@ -10,6 +10,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
+#include <sys/mount.h>
 
 #include <magisk.h>
 #include <daemon.h>
@@ -308,14 +309,13 @@ void su_daemon_handler(int client, struct ucred *credential) {
 			break;
 		case NAMESPACE_MODE_REQUESTER:
 			LOGD("su: use namespace of pid=[%d]\n", ctx.pid);
-			if (switch_mnt_ns(ctx.pid)) {
-				LOGD("su: setns failed, fallback to isolated\n");
-				xunshare(CLONE_NEWNS);
-			}
+			if (switch_mnt_ns(ctx.pid))
+				LOGD("su: setns failed, fallback to global\n");
 			break;
 		case NAMESPACE_MODE_ISOLATE:
 			LOGD("su: use new isolated namespace\n");
 			xunshare(CLONE_NEWNS);
+			xmount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr);
 			break;
 	}