chroot: remount everything as private in new mntns

If parent of the destination path is shared, this
path will be unmounted from the parent ns even if
the path itself is private.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit b511d1f0cabd32ca30c87fa1bbc7ecac283dab39)
Signed-off-by: Victor Vieux <vieux@docker.com>

pkg/chrootarchive/chroot_linux.go

@@ -21,7 +21,12 @@ func chroot(path string) (err error) {
 		return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
 	}
 
-	if err := mount.MakeRPrivate(path); err != nil {
+	// make everything in new ns private
+	if err := mount.MakeRPrivate("/"); err != nil {
+		return err
+	}
+	// ensure path is a mountpoint
+	if err := mount.MakePrivate(path); err != nil {
 		return err
 	}