When umount-ing a host bind-mount, the syscalls succeeds and the mount is no longer visible in mountinfo, but the bind-mounted files are still accessible w/ their original contents.
{"ociVersion":"1.0.0","process":{"terminal":true,"user":{"uid":0,"gid":0},"args":["sh"],"env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","TERM=xterm"],"cwd":"/","capabilities":{"bounding":["CAP_SYS_ADMIN"],"effective":["CAP_SYS_ADMIN"],"inheritable":["CAP_SYS_ADMIN"],"permitted":["CAP_SYS_ADMIN"],"ambient":["CAP_SYS_ADMIN"]},"noNewPrivileges":true},"root":{"path":"rootfs","readonly":true},"hostname":"gvisor","mounts":[{"destination":"/proc","type":"proc","source":"proc"},{"destination":"/sys","type":"sysfs","source":"sysfs","options":["nosuid","noexec","nodev","ro"]},{"destination":"/dev","type":"tmpfs","source":"tmpfs"},{"destination":"/tmp/bind-mount","type":"bind","source":"/tmp/bind-mount","options":["bind"]}],"linux":{"resources":{"devices":[{"allow":false,"access":"rwm"}]},"namespaces":[{"type":"pid"},{"type":"mount"},{"type":"ipc"},{"type":"uts"},{"type":"cgroup"},{"type":"network"}]}}
echo bind-mount > /tmp/bind-mount
runsc run test
$ mount | grep bind-mount
none on /tmp/bind-mount type 9p (rw,trans=fd,rfdno=4,wfdno=4,aname=/,dfltuid=4294967294,dfltgid=4294967294,dcache=1000,cache=remote_revalidating,disable_fifo_open,overlayfs_stale_read,directfs)
$ cat /tmp/bind-mount
bind-mount
$ umount /tmp/bind-mount && echo 1
1
$ mount | grep -q bind-mount || echo not found
not found
$ cat /tmp/bind-mount
bind-mount
Description
When umount-ing a host bind-mount, the syscalls succeeds and the mount is no longer visible in mountinfo, but the bind-mounted files are still accessible w/ their original contents.
Steps to reproduce
oci spec with CAP_SYS_ADMIN and a custom bind mount:
runsc version
uname
Linux 5c915a61b95b 6.12.69-linuxkit #1 SMP Mon Feb 16 11:19:06 UTC 2026 aarch64 aarch64 aarch64 GNU/Linux