Merge pull request #27609 from tonistiigi/fix-chroot-shared-parent

chroot: remount everything as private in new mntns

pkg/chrootarchive/chroot_linux.go

@@ -26,7 +26,12 @@ func chroot(path string) (err error) {
 		return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
 	}
 
-	if err := mount.MakeRPrivate(path); err != nil {
+	// make everything in new ns private
+	if err := mount.MakeRPrivate("/"); err != nil {
+		return err
+	}
+	// ensure path is a mountpoint
+	if err := mount.MakePrivate(path); err != nil {
 		return err
 	}
 
@@ -57,13 +62,6 @@ func chroot(path string) (err error) {
 				err = errCleanup
 			}
 		}
-
-		if errCleanup := syscall.Unmount("/", syscall.MNT_DETACH); errCleanup != nil {
-			if err == nil {
-				err = fmt.Errorf("error unmounting root: %v", errCleanup)
-			}
-			return
-		}
 	}()
 
 	if err := syscall.PivotRoot(path, pivotDir); err != nil {