Merge release-20210315.0-17-g960155cda (automated)

2 files changed, 4 insertions, 5 deletions

diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index d1dacee03..32adde643 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -792,7 +792,7 @@ func (c *containerMounter) getMountNameAndOptions(conf *config.Config, m specs.M
 	case bind:
 		fd := c.fds.remove()
 		fsName = gofervfs2.Name
-		opts = p9MountData(fd, c.getMountAccessType(m), conf.VFS2)
+		opts = p9MountData(fd, c.getMountAccessType(conf, m), conf.VFS2)
 		// If configured, add overlay to all writable mounts.
 		useOverlay = conf.Overlay && !mountFlags(m.Options).ReadOnly
 
@@ -802,12 +802,11 @@ func (c *containerMounter) getMountNameAndOptions(conf *config.Config, m specs.M
 	return fsName, opts, useOverlay, nil
 }
 
-func (c *containerMounter) getMountAccessType(mount specs.Mount) config.FileAccessType {
+func (c *containerMounter) getMountAccessType(conf *config.Config, mount specs.Mount) config.FileAccessType {
 	if hint := c.hints.findMount(mount); hint != nil {
 		return hint.fileAccessType()
 	}
-	// Non-root bind mounts are always shared if no hints were provided.
-	return config.FileAccessShared
+	return conf.FileAccessMounts
 }
 
 // mountSubmount mounts volumes inside the container's root. Because mounts may
diff --git a/runsc/boot/vfs.go b/runsc/boot/vfs.go
index 3fd28e516..9b3dacf46 100644
--- a/runsc/boot/vfs.go
+++ b/runsc/boot/vfs.go
@@ -494,7 +494,7 @@ func (c *containerMounter) getMountNameAndOptionsVFS2(conf *config.Config, m *mo
 			// but unlikely to be correct in this context.
 			return "", nil, false, fmt.Errorf("9P mount requires a connection FD")
 		}
-		data = p9MountData(m.fd, c.getMountAccessType(m.Mount), true /* vfs2 */)
+		data = p9MountData(m.fd, c.getMountAccessType(conf, m.Mount), true /* vfs2 */)
 		iopts = gofer.InternalFilesystemOptions{
 			UniqueID: m.Destination,
 		}