mount-setup: change the system mount propagation to shared by default…

… only at bootup The commit b3ac5f8 has changed the system mount propagation to shared by default, and according to the following patch: opencontainers/runc#208 When starting the container, the pouch daemon will call runc to execute make-private. However, if the systemctl daemon-reexec is executed after the container has been started, the system mount propagation will be changed to share again by default, and the make-private operation above will have no chance to execute.
taskset · Apr 8, 2020 · 5b05435 · 5b05435
1 parent 6760474
commit 5b05435
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/src/core/main.c b/src/core/main.c
@@ -2565,7 +2565,7 @@ int main(int argc, char *argv[]) {
                 if (!skip_setup)
                         kmod_setup();
 
-                r = mount_setup(loaded_policy);
+                r = mount_setup(loaded_policy, skip_setup);
                 if (r < 0) {
                         error_message = "Failed to mount API filesystems";
                         goto finish;

diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
@@ -478,7 +478,7 @@ static int relabel_extra(void) {
 }
 #endif
 
-int mount_setup(bool loaded_policy) {
+int mount_setup(bool loaded_policy, bool leave_propagation) {
         int r = 0;
 
         r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
@@ -524,7 +524,7 @@ int mount_setup(bool loaded_policy) {
          * needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a
          * container manager we assume the container manager knows what it is doing (for example, because it set up
          * some directories with different propagation modes). */
-        if (detect_container() <= 0)
+        if (detect_container() <= 0 && !leave_propagation)
                 if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
                         log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");
 

diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
@@ -4,7 +4,7 @@
 #include <stdbool.h>
 
 int mount_setup_early(void);
-int mount_setup(bool loaded_policy);
+int mount_setup(bool loaded_policy, bool leave_propagation);
 
 int mount_cgroup_controllers(void);