runsc: Set volume mount rslave.

PiperOrigin-RevId: 211111376 Change-Id: I27b8cb4e070d476fa4781ed6ecfa0cf1dcaf85f5
author: Lantao Liu <lantaol@google.com> 2018-08-31 11:01:57 -0700
committer: Shentubot <shentubot@google.com> 2018-08-31 11:03:22 -0700
commit: be9f454eb6e456fb1acf084612f363aa959ef9d9 (patch)
tree: cf400f10ad332941956ff6ae21a71c2f14ae1ae4 /runsc/container
parent: 625edb9f2864c1b3aebc6b4c9828197131c2e003 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/container/fs.go b/runsc/container/fs.go
index dd8bdf120..b93c866ea 100644
--- a/runsc/container/fs.go
+++ b/runsc/container/fs.go
@@ -117,6 +117,12 @@ func setupFS(spec *specs.Spec, conf *boot.Config, bundleDir string) error {
 		if err := syscall.Mount(src, dst, m.Type, uintptr(flags), ""); err != nil {
 			return fmt.Errorf("failed to mount src: %q, dst: %q, flags: %#x, err: %v", src, dst, flags, err)
 		}
+		// Make the mount a slave, so that for recursive bind mount, umount won't
+		// propagate to the source.
+		flags = syscall.MS_SLAVE | syscall.MS_REC
+		if err := syscall.Mount("", dst, "", uintptr(flags), ""); err != nil {
+			return fmt.Errorf("failed to rslave mount dst: %q, flags: %#x, err: %v", dst, flags, err)
+		}
 	}
 
 	// Remount root as readonly after setup is done, if requested.
author	Lantao Liu <lantaol@google.com>	2018-08-31 11:01:57 -0700
committer	Shentubot <shentubot@google.com>	2018-08-31 11:03:22 -0700
commit	be9f454eb6e456fb1acf084612f363aa959ef9d9 (patch)
tree	cf400f10ad332941956ff6ae21a71c2f14ae1ae4 /runsc/container
parent	625edb9f2864c1b3aebc6b4c9828197131c2e003 (diff)