runc/patch/0043-runc-Use-rslave-instead-of-rprivate-in-chro.patch

From 321679149dad13cdfd40831cc288495d4a5caf75 Mon Sep 17 00:00:00 2001
From: caihaomin <caihaomin@huawei.com>
Date: Fri, 15 Dec 2017 17:37:41 +0800
Subject: [PATCH 43/94] runc: Use rslave instead of rprivate in
 chrootarchive

[Changelog]:With rprivate there exists a race where a reference to a mount has
propagated to the new namespace, when rprivate is set the parent
namespace is not able to remove the mount due to that reference.
With rslave unmounts will propagate correctly into the namespace and
prevent the sort of transient errors that are possible with rprivate.
https://github.com/moby/moby/pull/35217
[Author]git

Change-Id: I7a69a5b0c03e896b9cb1722eb676b7b84ea7dd77
Signed-off-by: caihaomin <caihaomin@huawei.com>
---
 libcontainer/rootfs_linux.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 1c93903..7cf5edd 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -668,9 +668,12 @@ func pivotRoot(rootfs string) error {
 		return err
 	}
 
-	// Make oldroot rprivate to make sure our unmounts don't propagate to the
-	// host (and thus bork the machine).
-	if err := syscall.Mount("", ".", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
+	// Make oldroot rslave to make sure our unmounts don't propagate to the
+	// host (and thus bork the machine). We don't use rprivate because this is
+	// known to cause issues due to races where we still have a reference to a
+	// mount while a process in the host namespace are trying to operate on
+	// something they think has no mounts (devicemapper in particular).
+	if err := syscall.Mount("", ".", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil {
 		return err
 	}
 	// Preform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd.
-- 
2.7.4.3
runc: package init Signed-off-by: openeuler-iSula <isula@huawei.com> 2019-12-29 15:30:08 +08:00			`From 321679149dad13cdfd40831cc288495d4a5caf75 Mon Sep 17 00:00:00 2001`
			`From: caihaomin <caihaomin@huawei.com>`
			`Date: Fri, 15 Dec 2017 17:37:41 +0800`
			`Subject: [PATCH 43/94] runc: Use rslave instead of rprivate in`
			`chrootarchive`

			`[Changelog]:With rprivate there exists a race where a reference to a mount has`
			`propagated to the new namespace, when rprivate is set the parent`
			`namespace is not able to remove the mount due to that reference.`
			`With rslave unmounts will propagate correctly into the namespace and`
			`prevent the sort of transient errors that are possible with rprivate.`
			`https://github.com/moby/moby/pull/35217`
			`[Author]git`

			`Change-Id: I7a69a5b0c03e896b9cb1722eb676b7b84ea7dd77`
			`Signed-off-by: caihaomin <caihaomin@huawei.com>`
			`---`
			`libcontainer/rootfs_linux.go \| 9 ++++++---`
			`1 file changed, 6 insertions(+), 3 deletions(-)`

			`diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go`
			`index 1c93903..7cf5edd 100644`
			`--- a/libcontainer/rootfs_linux.go`
			`+++ b/libcontainer/rootfs_linux.go`
			`@@ -668,9 +668,12 @@ func pivotRoot(rootfs string) error {`
			`return err`
			`}`

			`- // Make oldroot rprivate to make sure our unmounts don't propagate to the`
			`- // host (and thus bork the machine).`
			`- if err := syscall.Mount("", ".", "", syscall.MS_PRIVATE\|syscall.MS_REC, ""); err != nil {`
			`+ // Make oldroot rslave to make sure our unmounts don't propagate to the`
			`+ // host (and thus bork the machine). We don't use rprivate because this is`
			`+ // known to cause issues due to races where we still have a reference to a`
			`+ // mount while a process in the host namespace are trying to operate on`
			`+ // something they think has no mounts (devicemapper in particular).`
			`+ if err := syscall.Mount("", ".", "", syscall.MS_SLAVE\|syscall.MS_REC, ""); err != nil {`
			`return err`
			`}`
			`// Preform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd.`
			`--`
			`2.7.4.3`