Merge pull request #10225 from vbatts/vbatts-init_mount_namespaces

daemon mount namespaces

contrib/init/systemd/docker.service

@@ -6,6 +6,7 @@ Requires=docker.socket
 
 [Service]
 ExecStart=/usr/bin/docker -d -H fd://
+MountFlags=slave
 LimitNOFILE=1048576
 LimitNPROC=1048576
 

contrib/init/sysvinit-redhat/docker

@@ -23,6 +23,7 @@
 . /etc/rc.d/init.d/functions
 
 prog="docker"
+unshare=/usr/bin/unshare
 exec="/usr/bin/$prog"
 pidfile="/var/run/$prog.pid"
 lockfile="/var/lock/subsys/$prog"
@@ -46,7 +47,7 @@ start() {
         prestart
         printf "Starting $prog:\t"
         echo "\n$(date)\n" >> $logfile
-        $exec -d $other_args &>> $logfile &
+        "$unshare" -m -- $exec -d $other_args &>> $logfile &
         pid=$!
         touch $lockfile
         # wait up to 10 seconds for the pidfile to exist.  see