--- a/ip/ipnetns.c 2013-01-09 14:49:33.771203031 -0500
+++ b/ip/ipnetns.c 2013-01-09 14:53:29.196352921 -0500
@@ -152,11 +152,15 @@
 fprintf(stderr, "unshare failed: %s\n", strerror(errno));
 return -1;
 }
- /* Mount a version of /sys that describes the network namespace */
- if (umount2("/sys", MNT_DETACH) < 0) {
- fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
+
+ /* We can't make any assumptions about root. Set /sys to
+ * private to avoid propagating the newly mounted /sys
+ * back into the parent processes's mount namespace. */
+ if (mount(NULL, "/sys", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
+ fprintf(stderr, "setting /sys to private namespace failed: %s\n", strerror(errno));
 return -1;
 }
+
 if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
 fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
 return -1;
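Review bot: The added `mount(NULL, "/sys", NULL, MS_PRIVATE|MS_REC, NULL)` changes propagation for the /sys subtree only, and it succeeds only when /sys is itself a mount point, which sits oddly with the comment's "can't make any assumptions about root". Where / is a shared mount, any other mount this function performs after the hunk (the body starts and ends outside the visible lines) would presumably still propagate into the parent mount namespace, and where /sys is a plain directory the call fails with EINVAL and the command aborts. Changing propagation at the root instead, for example `if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL) < 0) {`, would cover both cases. The hunk also drops `umount2("/sys", MNT_DETACH)`, so the new sysfs is stacked over the old mount rather than replacing it; if that is intended, a one-line comment such as `/* old /sys stays mounted underneath; only the top mount is namespace-specific */` would make it explicit. The message "setting /sys to private namespace failed" describes a propagation change, not a namespace, and would read more accurately as "making /sys mount propagation private failed".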