Merge pull request #980 from devimc/topic/left_mount_points

virtcontainers: set private propagation in rootfs
kata-containers · Jan 21, 2019 · 0c09d2b · 0c09d2b
2 parents 150a44f + b029e44
commit 0c09d2b
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/virtcontainers/mount.go b/virtcontainers/mount.go
@@ -248,10 +248,16 @@ func bindMount(ctx context.Context, source, destination string, readonly bool) e
 
 	if err := ensureDestinationExists(absSource, destination); err != nil {
 		return fmt.Errorf("Could not create destination mount point %v: %v", destination, err)
-	} else if err := syscall.Mount(absSource, destination, "bind", syscall.MS_BIND, ""); err != nil {
+	}
+
+	if err := syscall.Mount(absSource, destination, "bind", syscall.MS_BIND, ""); err != nil {
 		return fmt.Errorf("Could not bind mount %v to %v: %v", absSource, destination, err)
 	}
 
+	if err := syscall.Mount("none", destination, "", syscall.MS_PRIVATE, ""); err != nil {
+		return fmt.Errorf("Could not make mount point %v private: %v", destination, err)
+	}
+
 	// For readonly bind mounts, we need to remount with the readonly flag.
 	// This is needed as only very recent versions of libmount/util-linux support "bind,ro"
 	if readonly {