From b511d1f0cabd32ca30c87fa1bbc7ecac283dab39 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi
Date: Thu, 20 Oct 2016 15:29:23 -0700
Subject: [PATCH] chroot: remount everything as private in new mntns
If parent of the destination path is shared, this path will be unmounted from the parent ns even if the path itself is private.
Signed-off-by: Tonis Tiigi
---
 pkg/chrootarchive/chroot_linux.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go
index 7153b48798728a5b54814285bb518a8bcfd4060a..9f1dd527ffb5cd8812fcfb6aa61cdf7628a455a4 100644
--- a/pkg/chrootarchive/chroot_linux.go
+++ b/pkg/chrootarchive/chroot_linux.go
@@ -26,7 +26,12 @@ func chroot(path string) (err error) {
 return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
 }
- if err := mount.MakeRPrivate(path); err != nil {
+ // make everything in new ns private
+ if err := mount.MakeRPrivate("/"); err != nil {
+ return err
+ }
+ // ensure path is a mountpoint
+ if err := mount.MakePrivate(path); err != nil {
 return err
 }
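Review bot: The two `return err` paths after `mount.MakeRPrivate("/")` and `mount.MakePrivate(path)` hand back the bare mount error, so a caller cannot tell which remount failed, while the Unshare failure just above is wrapped with context. Wrapping them the same way would help, e.g. `return fmt.Errorf("Error making / rprivate in new mount namespace: %v", err)` and `return fmt.Errorf("Error making %s a private mountpoint: %v", path, err)`. The comment `// ensure path is a mountpoint` leans on what looks like a side effect of `MakePrivate` (presumably it bind-mounts the path onto itself when it is not already mounted); I would spell that out, e.g. `// MakePrivate bind-mounts path onto itself if needed; pivot_root requires a mountpoint`. The first comment could also say that the recursive private remount of `/` is what keeps unmounts in this namespace from propagating to the parent namespace. chroot's body starts and ends outside this hunk, so the pivot and unmount steps are not visible here.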