From e420cc3e5d2066674d32d16ad885bee6b30da210 Mon Sep 17 00:00:00 2001
From: Fabricio Voznika <fvoznika@google.com>
Date: Mon, 18 Mar 2019 12:29:43 -0700
Subject: Add support for mount propagation

Properly handle propagation options for root and mounts. Now usage of
mount options shared, rshared, and noexec cause error to start. shared/
rshared breaks sandbox=>host isolation. slave however can be supported
because changes propagate from host to sandbox.

Root FS setup moved inside the gofer. Apart from simplifying the code,
it keeps all mounts inside the namespace. And they are torn down when
the namespace is destroyed (DestroyFS is no longer needed).

PiperOrigin-RevId: 239037661
Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0
---
 runsc/specutils/BUILD | 1 +
 1 file changed, 1 insertion(+)

(limited to 'runsc/specutils/BUILD')

diff --git a/runsc/specutils/BUILD b/runsc/specutils/BUILD
index 372799850..15476de6f 100644
--- a/runsc/specutils/BUILD
+++ b/runsc/specutils/BUILD
@@ -5,6 +5,7 @@ package(licenses = ["notice"])
 go_library(
     name = "specutils",
     srcs = [
+        "fs.go",
         "namespace.go",
         "specutils.go",
     ],
-- 
cgit v1.2.3