I am implementing a container which is cloned with a new namespace including mount, pid, user namespaces, etc. The first step the child does is to mount several important points such as /proc, /sys and /tmp using mount system call.

#include <cerrno>
#include <cstdio>
#include <cstring>
#include <sys/mount.h>

// Runs in the child right after clone() with CLONE_NEWNS (plus the pid/user namespaces).
static int mount_container_fs() {
  if (::mount("proc", "/proc", "proc", 0, NULL) == -1) {
    printf("Failed on mount: %s\n", strerror(errno));
    return -1;
  }

  if (::mount("sysfs", "/sys", "sysfs", 0, NULL) == -1) {
    printf("Failed on mount: %s\n", strerror(errno));
    return -1;
  }

  if (::mount("tmp", "/tmp", "tmpfs", 0, NULL) == -1) {
    printf("Failed on mount: %s\n", strerror(errno));
    return -1;
  }
  return 0;
}

However, I am a bit confused by the source field in the argument list passed to mount.

int mount(const char *source, const char *target,
          const char *filesystemtype, unsigned long mountflags,
          const void *data);

What does the source mean exactly? For example, mounting /tmp seems to have nothing to do with the source string. I can still see a new /tmp folder created under the new namespace even using ::mount(nullptr, "/tmp", "tmpfs", 0, NULL). Am I missing something?

chrk
Jes

2 Answers


It is just supposed to match arguments such as those provided in your /etc/fstab file. For instance, in my fstab I have:

# <file system> <mount point>   <type>  <options>       <dump>  <pass>
...
proc            /proc   proc    defaults                0       0
sysfs           /sys    sysfs   defaults                0       0

But those examples are a bit different, because of their nature. Indeed, both proc and sysfs are not general filesystems. Hence, if you had mounted a hard drive, the source would be more straightforward, being /dev/sda1 for instance.

And because you're implementing isolation on top of namespaces, beware if the container calls umount on /proc, for instance. It might reveal the host's proc, thus breaking the isolation.

Aif

To add a bit to Aif's answer: according to the mount manpage:

mount() attaches the filesystem specified by source (which is often a pathname referring to a device, but can also be the pathname of a directory or file, or a dummy string) to the location (a directory or file) specified by the pathname in target.

In the case of tmpfs, it is very much a dummy string. You are simply creating a temporary file system. tmpfs is stored in volatile memory and is temporary, not really having a source.

For other filesystem types, source will be very important, specifying which filesystem you are mounting to that directory, e.g. /dev/sda1 or what have you.

dcsohl
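The following is an added example, written for this page and not code from the asker or either answerer. It ties the two answers together: the child in the question can read back from /proc/self/mountinfo what the kernel actually recorded as the `source` of its tmpfs (the label it passed, or "none" when NULL was given), and at the same time check the mount's propagation state, which is what decides whether mount and umount events inside the container leak back to the host namespace (Aif's umount-/proc concern). The helper names `parse_mountinfo_line`, `lookup_mount` and `mount_is` are my own, the `SAMPLE_MOUNTINFO` text is constructed rather than captured from a real host, and the program assumes it is already running inside a fresh mount namespace (the cloned child, or `unshare -Urm ./a.out`); mount points containing escaped spaces are not handled.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* One parsed /proc/self/mountinfo record (only the fields used here). */
struct mnt_record {
    char mount_point[256];
    char propagation[64];  /* first optional tag, e.g. "shared:1"; empty = private */
    char fstype[64];
    char source[256];      /* the string mount() got as `source`, or "none" */
};

/* Parse one mountinfo line, laid out (see proc(5)) as:
 *   ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [optional tags...] - FSTYPE SOURCE SUPEROPTS
 * Returns 0 on success, -1 on a malformed line. */
int parse_mountinfo_line(const char *line, struct mnt_record *out)
{
    char buf[1024];
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    memset(out, 0, sizeof *out);

    int field = 0, past_sep = 0;
    for (char *tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        if (!past_sep && strcmp(tok, "-") == 0) { past_sep = 1; field = 0; continue; }
        if (!past_sep) {
            if (field == 4) strncpy(out->mount_point, tok, sizeof out->mount_point - 1);
            else if (field >= 6 && !out->propagation[0])
                strncpy(out->propagation, tok, sizeof out->propagation - 1);
        } else {
            if (field == 0) strncpy(out->fstype, tok, sizeof out->fstype - 1);
            else if (field == 1) strncpy(out->source, tok, sizeof out->source - 1);
        }
        field++;
    }
    return (out->mount_point[0] && out->fstype[0] && out->source[0]) ? 0 : -1;
}

/* Find `target` in a mountinfo text. The most recent mount on a path is
 * listed last, so the last match wins. Returns 0 if found, -1 otherwise. */
int lookup_mount(const char *mountinfo, const char *target, struct mnt_record *out)
{
    int found = -1;
    for (const char *p = mountinfo; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[1024];
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            struct mnt_record r;
            if (parse_mountinfo_line(line, &r) == 0 && strcmp(r.mount_point, target) == 0) {
                *out = r;
                found = 0;
            }
        }
        p = nl ? nl + 1 : p + len;
    }
    return found;
}

/* 1 if `target` is recorded with the given fstype and source (and, when
 * want_private is set, carries no propagation tag); 0 otherwise. */
int mount_is(const char *mountinfo, const char *target, const char *fstype,
             const char *source, int want_private)
{
    struct mnt_record r;
    if (lookup_mount(mountinfo, target, &r) != 0) return 0;
    if (strcmp(r.fstype, fstype) != 0 || strcmp(r.source, source) != 0) return 0;
    return want_private ? r.propagation[0] == '\0' : 1;
}

/* Constructed sample in mountinfo format (not captured from a real host). */
static const char SAMPLE_MOUNTINFO[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "36 22 0:21 / /proc rw,nosuid shared:5 - proc proc rw\n"
    "101 22 0:45 / /tmp rw,nosuid,nodev - tmpfs none rw,size=16384k\n"
    "102 22 0:46 / /tmp rw,nosuid,nodev - tmpfs my-container-tmp rw,size=16384k,mode=1777\n";

int main(void)
{
    /* Meant to run already inside a fresh mount namespace: the cloned child
     * from the question, or `unshare -Urm ./a.out` for an unprivileged try. */

    /* 1. Stop mount events propagating back to the parent namespace. On a
     *    systemd host "/" is shared by default, so without this a later
     *    umount of /proc inside the container would propagate out as well. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
        printf("Failed to make mounts private: %s\n", strerror(errno));
        return 1;
    }
    /* 2. For tmpfs the source is only a label: the kernel records it verbatim
     *    in mountinfo, and records "none" when NULL is passed instead. */
    if (mount("my-container-tmp", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV,
              "size=16m,mode=1777") == -1) {
        printf("Failed on mount: %s\n", strerror(errno));
        return 1;
    }
    /* 3. Read back what the kernel recorded for the new mount. */
    static char info[1 << 16];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) return 1;
    info[fread(info, 1, sizeof info - 1, f)] = '\0';
    fclose(f);
    struct mnt_record r;
    if (lookup_mount(info, "/tmp", &r) == 0)
        printf("/tmp: fstype=%s source=%s propagation=%s\n", r.fstype, r.source,
               r.propagation[0] ? r.propagation : "private");
    return 0;
}
```

The MS_REC | MS_PRIVATE remount of "/" is the step most container runtimes perform first after entering a new mount namespace; with it in place, the child's mounts of /proc, /sys and /tmp, and any later umount, stay inside the namespace instead of being mirrored to the host. The `mount_is` check is the kind of assertion a harness can run inside the container to confirm that /proc is the freshly mounted proc instance and that no mount still carries a shared tag.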