Enabled bind mounts in sub-containers

With multi-gofers, bind mounts in sub-containers should
just work. Removed restrictions and added test. There are
also a few cleanups along the way, e.g. retry unmounting
in case cleanup races with gofer teardown.

PiperOrigin-RevId: 211699569
Change-Id: Ic0a69c29d7c31cd7e038909cc686c6ac98703374

2 files changed, 0 insertions, 10 deletions

diff --git a/runsc/boot/fds.go b/runsc/boot/fds.go
index 0449e243d..9de5a78b1 100644
--- a/runsc/boot/fds.go
+++ b/runsc/boot/fds.go
@@ -28,11 +28,6 @@ import (
 
 // createFDMap creates an fd map that contains stdin, stdout, and stderr. If
 // console is true, then ioctl calls will be passed through to the host fd.
-//
-// TODO: We currently arn't passing any FDs in to the sandbox, so
-// there's not much else for this function to do.  It will get more complicated
-// when gofers enter the picture.  Also the LISTEN_FDS environment variable
-// allows passing arbitrary FDs to the sandbox, which we do not yet support.
 func createFDMap(ctx context.Context, k *kernel.Kernel, l *limits.LimitSet, console bool) (*kernel.FDMap, error) {
 	fdm := k.NewFDMap()
 	defer fdm.DecRef()
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 4a11b30f1..772df40fe 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -685,11 +685,6 @@ func setFileSystemForProcess(procArgs *kernel.CreateProcessArgs, spec *specs.Spe
 	// Mount all submounts.
 	mounts := compileMounts(spec)
 	for _, m := range mounts {
-		// TODO: Enable bind mounts in child containers.
-		if m.Type == bind {
-			log.Infof("Bind mounts in child containers are not yet supported: %+v", m)
-			continue
-		}
 		dest := filepath.Join(containerRoot, m.Destination)
 		if err := mountSubmount(rootCtx, conf, k.RootMountNamespace(), fds, m, mounts, dest); err != nil {
 			return fmt.Errorf("error mounting filesystem for container: %v", err)