contrib/systemd: mount namespace and subtree flags

This systemd.exec setting will construct a new mount namespace for the docker daemon, and use slave shared-subtree mounts so that volume mounts propogate correctly into containers. By having an unshared mount namespace for the daemon it ensures that mount references are not held by other pids outside of the docker daemon. Frequently this can be seen in EBUSY or "device or resource busy" errors. Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-01-20 14:22:04 -05:00 · 2015-01-20 14:22:04 -05:00 · eb76cb2301
commit eb76cb2301
parent 092d52281d
1 changed files with 1 additions and 0 deletions
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@ -6,6 +6,7 @@ Requires=docker.socket

 [Service]
 ExecStart=/usr/bin/docker -d -H fd://
+MountFlags=slave
 LimitNOFILE=1048576
 LimitNPROC=1048576