From be9f454eb6e456fb1acf084612f363aa959ef9d9 Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Fri, 31 Aug 2018 11:01:57 -0700
Subject: runsc: Set volume mount rslave.

PiperOrigin-RevId: 211111376
Change-Id: I27b8cb4e070d476fa4781ed6ecfa0cf1dcaf85f5
---
 runsc/container/fs.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/runsc/container/fs.go b/runsc/container/fs.go
index dd8bdf120..b93c866ea 100644
--- a/runsc/container/fs.go
+++ b/runsc/container/fs.go
@@ -117,6 +117,12 @@ func setupFS(spec *specs.Spec, conf *boot.Config, bundleDir string) error {
 		if err := syscall.Mount(src, dst, m.Type, uintptr(flags), ""); err != nil {
 			return fmt.Errorf("failed to mount src: %q, dst: %q, flags: %#x, err: %v", src, dst, flags, err)
 		}
+		// Make the mount a slave, so that for recursive bind mount, umount won't
+		// propagate to the source.
+		flags = syscall.MS_SLAVE | syscall.MS_REC
+		if err := syscall.Mount("", dst, "", uintptr(flags), ""); err != nil {
+			return fmt.Errorf("failed to rslave mount dst: %q, flags: %#x, err: %v", dst, flags, err)
+		}
 	}
 
 	// Remount root as readonly after setup is done, if requested.
-- 
cgit v1.2.3