Merge pull request #35217 from cpuguy83/fix_chroot_mount_race

Use rslave instead of rprivate in chrootarchive
This commit is contained in:
Sebastiaan van Stijn 2017-10-24 22:13:28 +02:00 committed by GitHub
commit d891f2e3ca

View file

@ -26,8 +26,13 @@ func chroot(path string) (err error) {
return fmt.Errorf("Error creating mount namespace before pivot: %v", err) return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
} }
// make everything in new ns private // Make everything in new ns slave.
if err := mount.MakeRPrivate("/"); err != nil { // Don't use `private` here as this could race where the mountns gets a
// reference to a mount and an unmount from the host does not propagate,
// which could potentially cause transient errors for other operations,
// even though this should be relatively small window here `slave` should
// not cause any problems.
if err := mount.MakeRSlave("/"); err != nil {
return err return err
} }