chroot: remount everything as private in new mntns

tonistiigi · tonistiigi · commit b511d1f0cabd · 2016-10-20T15:29:23.000-07:00
If parent of the destination path is shared, this
path will be unmounted from the parent ns even if
the path itself is private.

Signed-off-by: Tonis Tiigi &lt;tonistiigi@gmail.com&gt;
diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go
@@ -26,7 +26,12 @@ func chroot(path string) (err error) {
 		return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
 	}
 
-	if err := mount.MakeRPrivate(path); err != nil {
+	// make everything in new ns private
+	if err := mount.MakeRPrivate("/"); err != nil {
+		return err
+	}
+	// ensure path is a mountpoint
+	if err := mount.MakePrivate(path); err != nil {
 		return err
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,12 @@ func chroot(path string) (err error) {`
`26`	`26`	`return fmt.Errorf("Error creating mount namespace before pivot: %v", err)`
`27`	`27`	`}`
`28`	`28`
`29`		`- if err := mount.MakeRPrivate(path); err != nil {`
	`29`	`+ // make everything in new ns private`
	`30`	`+ if err := mount.MakeRPrivate("/"); err != nil {`
	`31`	`+ return err`
	`32`	`+ }`
	`33`	`+ // ensure path is a mountpoint`
	`34`	`+ if err := mount.MakePrivate(path); err != nil {`
`30`	`35`	`return err`
`31`	`36`	`}`
`32`	`37`