Details
Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Description
The Linux filesystem isolator relies on 'mount --make-rslave /' to make sure that mounts created in the container (in a new mount namespace) do not propagate back to the host mount namespace.
However, this command does not work as expected on Ubuntu 14.04. Here is a simple experiment:
    $ cat /proc/self/mountinfo
    42 22 8:1 /home/vagrant/tmp /home/vagrant/tmp rw,relatime shared:1 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
    43 42 8:1 /home/vagrant/busybox /home/vagrant/tmp/mnt rw,relatime shared:2 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
    $ sudo unshare -m /bin/bash
    # cat /proc/self/mountinfo
    70 45 8:1 /home/vagrant/tmp /home/vagrant/tmp rw,relatime shared:1 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
    71 70 8:1 /home/vagrant/busybox /home/vagrant/tmp/mnt rw,relatime shared:2 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
    # mount --make-rslave /home/vagrant/tmp
    # cat /proc/self/mountinfo
    70 45 8:1 /home/vagrant/tmp /home/vagrant/tmp rw,relatime master:1 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
    71 70 8:1 /home/vagrant/busybox /home/vagrant/tmp/mnt rw,relatime shared:2 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
If you repeat the above commands on CentOS, the command works as expected.
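The experiment above shows the failure in the optional-fields column of mountinfo: after --make-rslave the parent became master:1 but the child mount (id 71) is still shared:2. The following added Python check (not Mesos code) parses mountinfo, walks the mount tree below a given mount point and reports any mount that is still in a shared peer group. The sample input is the post-make-rslave output from the report; EXPECTED_RSLAVE is a constructed variant showing what a correct recursive operation would leave behind.

```python
from dataclasses import dataclass

# Input copied from the report above: the new mount namespace on Ubuntu 14.04
# right after 'mount --make-rslave /home/vagrant/tmp' (mount 71 stayed shared:2).
AFTER_MAKE_RSLAVE = """\
70 45 8:1 /home/vagrant/tmp /home/vagrant/tmp rw,relatime master:1 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
71 70 8:1 /home/vagrant/busybox /home/vagrant/tmp/mnt rw,relatime shared:2 - ext4 /dev/disk/by-uuid/3af531bb-7c15-4e60-b23f-4853c47ccc91 rw,data=ordered
"""
# Constructed (not from the report): what a correct recursive make-rslave should yield.
EXPECTED_RSLAVE = AFTER_MAKE_RSLAVE.replace("shared:2", "master:2")

@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    mount_point: str
    optional: list[str]  # propagation tags: shared:N, master:N, propagate_from:N, unbindable

    @property
    def is_shared(self) -> bool:
        return any(tag.startswith("shared:") for tag in self.optional)

def parse_mountinfo(text: str) -> dict[int, MountEntry]:
    """Parse /proc/<pid>/mountinfo text; optional fields run up to the lone '-' separator."""
    entries: dict[int, MountEntry] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        sep = fields.index("-")
        mount_point = fields[4].replace("\\040", " ")  # mountinfo escapes spaces as \040
        entries[int(fields[0])] = MountEntry(int(fields[0]), int(fields[1]), mount_point, fields[6:sep])
    return entries

def subtree_ids(entries: dict[int, MountEntry], root_id: int) -> list[int]:
    """Ids of root_id and every mount below it, found by following parent ids."""
    ids, i = [root_id], 0
    while i < len(ids):
        ids.extend([e.mount_id for e in entries.values() if e.parent_id == ids[i]])
        i += 1
    return ids

def shared_mounts_under(text: str, mount_point: str) -> list[str]:
    """Mount points at or below mount_point that still belong to a shared peer group."""
    entries = parse_mountinfo(text)
    root = next(e for e in entries.values() if e.mount_point == mount_point)
    return sorted(entries[i].mount_point for i in subtree_ids(entries, root.mount_id) if entries[i].is_shared)
```

On a live host, feed it the contents of /proc/self/mountinfo from inside the new mount namespace after running the make-rslave command; a non-empty result means mounts under that subtree can still propagate back to the host.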