44 lines
1.8 KiB
Diff
44 lines
1.8 KiB
Diff
From 321679149dad13cdfd40831cc288495d4a5caf75 Mon Sep 17 00:00:00 2001
|
|
From: caihaomin <caihaomin@huawei.com>
|
|
Date: Fri, 15 Dec 2017 17:37:41 +0800
|
|
Subject: [PATCH 43/94] runc: Use rslave instead of rprivate in
|
|
chrootarchive
|
|
|
|
[Changelog]:With rprivate there exists a race where a reference to a mount has
|
|
propagated to the new namespace, when rprivate is set the parent
|
|
namespace is not able to remove the mount due to that reference.
|
|
With rslave unmounts will propagate correctly into the namespace and
|
|
prevent the sort of transient errors that are possible with rprivate.
|
|
https://github.com/moby/moby/pull/35217
|
|
[Author]git
|
|
|
|
Change-Id: I7a69a5b0c03e896b9cb1722eb676b7b84ea7dd77
|
|
Signed-off-by: caihaomin <caihaomin@huawei.com>
|
|
---
|
|
libcontainer/rootfs_linux.go | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
|
|
index 1c93903..7cf5edd 100644
|
|
--- a/libcontainer/rootfs_linux.go
|
|
+++ b/libcontainer/rootfs_linux.go
|
|
@@ -668,9 +668,12 @@ func pivotRoot(rootfs string) error {
|
|
return err
|
|
}
|
|
|
|
- // Make oldroot rprivate to make sure our unmounts don't propagate to the
|
|
- // host (and thus bork the machine).
|
|
- if err := syscall.Mount("", ".", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
|
|
+ // Make oldroot rslave to make sure our unmounts don't propagate to the
|
|
+ // host (and thus bork the machine). We don't use rprivate because this is
|
|
+ // known to cause issues due to races where we still have a reference to a
|
|
+ // mount while a process in the host namespace are trying to operate on
|
|
+ // something they think has no mounts (devicemapper in particular).
|
|
+ if err := syscall.Mount("", ".", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil {
|
|
return err
|
|
}
|
|
// Preform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd.
|
|
--
|
|
2.7.4.3
|
|
|