Add mount hiding (umount --detach) after bind mounts

UIRAN23 · UIRAN23 · commit 19b15732ed9c · 2026-06-17T10:38:33.000+05:00
After each bind mount, perform a lazy unmount (MNT_DETACH) to hide
the mount point from other namespaces while keeping it active in
the current namespace. This matches how Hybrid Mount hides its
mounts via KSU's TryUmount API.
diff --git a/apd/src/magic_mount.rs b/apd/src/magic_mount.rs
@@ -251,6 +251,12 @@ fn collect_module_files() -> Result<Option<Node>> {
     }
 }
 
+fn hide_mount(target: &Path) -> Result<()> {
+    log::debug!("hiding mount {}", target.display());
+    unmount(target, UnmountFlags::DETACH).ok();
+    Ok(())
+}
+
 fn clone_symlink<Src: AsRef<Path>, Dst: AsRef<Path>>(src: Src, dst: Dst) -> Result<()> {
     let src_symlink = read_link(src.as_ref())?;
     symlink(&src_symlink, dst.as_ref())?;
@@ -281,6 +287,7 @@ fn mount_mirror<P: AsRef<Path>, WP: AsRef<Path>>(
         );
         fs::File::create(&work_dir_path)?;
         mount_bind(&path, &work_dir_path)?;
+        hide_mount(&work_dir_path)?;
     } else if file_type.is_dir() {
         log::debug!(
             "mount mirror dir {} -> {}",
@@ -299,6 +306,7 @@ fn mount_mirror<P: AsRef<Path>, WP: AsRef<Path>>(
         for entry in read_dir(&path)?.flatten() {
             mount_mirror(&path, &work_dir_path, &entry)?;
         }
+        hide_mount(&work_dir_path)?;
     } else if file_type.is_symlink() {
         log::debug!(
             "create mirror symlink {} -> {}",
@@ -447,6 +455,7 @@ fn do_magic_mount<P: AsRef<Path>, WP: AsRef<Path>>(
                     work_dir_path.display()
                 );
                 mount_bind(module_path, target_path)?;
+                hide_mount(target_path)?;
             } else {
                 bail!("cannot mount root file {}!", path.display());
             }
@@ -477,6 +486,7 @@ fn do_magic_mount<P: AsRef<Path>, WP: AsRef<Path>>(
                     work_dir_path.display()
                 );
                 mount_bind(&work_dir_path, &work_dir_path).context("bind self")?;
+                hide_mount(&work_dir_path)?;
             }
             if path.exists() && !current.replace {
                 process_existing_entries(
@@ -495,6 +505,7 @@ fn do_magic_mount<P: AsRef<Path>, WP: AsRef<Path>>(
             process_remaining_children(&path, &work_dir_path, current.children, has_tmpfs)?;
             if create_tmpfs {
                 move_tmpfs_to_target(&work_dir_path, &path)?;
+                hide_mount(&path)?;
             }
         }
         Whiteout => {
