conf: ensure umounts don't propagate to host

Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index fe30800d779f5a7748bc85aad18421a80c76c81d..7455843086c543d6219dcbcfcb9093bd73e61da2 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1112,7 +1112,7 @@ static int setup_rootfs_pivot_root(const char *rootfs)
                goto on_error;
        }
 
-       /* At this point the old-root is mounted on top of our new-root To
+       /* At this point the old-root is mounted on top of our new-root. To
         * unmounted it we must not be chdir'd into it, so escape back to
         * old-root.
         */
@@ -1122,6 +1122,15 @@ static int setup_rootfs_pivot_root(const char *rootfs)
                goto on_error;
        }
 
+       /* Make oldroot rslave to make sure our umounts don't propagate to the
+        * host.
+        */
+       ret = mount("", ".", "", MS_SLAVE | MS_REC, NULL);
+       if (ret < 0) {
+               SYSERROR("Failed to make oldroot rslave");
+               goto on_error;
+       }
+
        ret = umount2(".", MNT_DETACH);
        if (ret < 0) {
                SYSERROR("Failed to detach old root directory");