Description
Tested with runc from git today (git describe = v1.0.0-rc5-17-g9facb87f).
How to test with rootfsPropagation=shared:
oci-runtime-tool generate --privileged --linux-rootfs-propagation=shared --process-terminal=true --rootfs-path=/home/alban/distro-trees/f26/ > config.json
sudo strace -f -e unshare,clone,mount,pivot_root,chdir,fchdir runc run c1
[pid 1602] mount("", "/", 0xc42009520c, MS_SHARED, NULL) = 0
[pid 1602] mount("", "/home", 0xc4200957d6, MS_PRIVATE, NULL) = 0
[pid 1602] mount("/home/alban/distro-trees/f26/", "/home/alban/distro-trees/f26/", 0xc4200957d7, MS_BIND|MS_REC, NULL) = 0
[pid 1602] mount("proc", "/home/alban/distro-trees/f26/proc", "proc", 0, NULL) = 0
[pid 1602] mount("tmpfs", "/home/alban/distro-trees/f26/dev", "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=755,size=65536k") = 0
[pid 1602] mount("devpts", "/home/alban/distro-trees/f26/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=0"...) = 0
[pid 1602] mount("shm", "/home/alban/distro-trees/f26/dev/shm", "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, "mode=1777,size=65536k") = 0
[pid 1602] mount("mqueue", "/home/alban/distro-trees/f26/dev/mqueue", "mqueue", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
[pid 1602] mount("sysfs", "/home/alban/distro-trees/f26/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
[pid 1602] chdir("/home/alban/distro-trees/f26/") = 0
[pid 1602] fchdir(9) = 0
[pid 1602] pivot_root(".", ".") = 0
[pid 1602] fchdir(8) = 0
[pid 1602] mount("", ".", 0xc420095a64, MS_REC|MS_SLAVE, NULL) = 0
[pid 1602] chdir("/") = 0
[pid 1602] mount("/dev/pts/0", "/dev/console", 0xc420095ac8, MS_BIND, NULL) = 0
[pid 1602] chdir("/") = 0
How to test with rootfsPropagation=private:
oci-runtime-tool generate --privileged --linux-rootfs-propagation=private --process-terminal=true --rootfs-path=/home/alban/distro-trees/f26/ > config.json
sudo strace -f -e unshare,clone,mount,pivot_root,chdir,fchdir runc run c1
[pid 3878] mount("", "/", 0xc4200f6ebc, MS_PRIVATE, NULL) = 0
[pid 3878] mount("", "/home", 0xc4200f7476, MS_PRIVATE, NULL) = 0
[pid 3878] mount("/home/alban/distro-trees/f26/", "/home/alban/distro-trees/f26/", 0xc4200f7477, MS_BIND|MS_REC, NULL) = 0
[pid 3878] mount("proc", "/home/alban/distro-trees/f26/proc", "proc", 0, NULL) = 0
[pid 3878] mount("tmpfs", "/home/alban/distro-trees/f26/dev", "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=755,size=65536k") = 0
[pid 3878] mount("devpts", "/home/alban/distro-trees/f26/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=0"...) = 0
[pid 3878] mount("shm", "/home/alban/distro-trees/f26/dev/shm", "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, "mode=1777,size=65536k") = 0
[pid 3878] mount("mqueue", "/home/alban/distro-trees/f26/dev/mqueue", "mqueue", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
[pid 3878] mount("sysfs", "/home/alban/distro-trees/f26/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
[pid 3878] chdir("/home/alban/distro-trees/f26/") = 0
[pid 3878] fchdir(9) = 0
[pid 3878] pivot_root(".", ".") = 0
[pid 3878] fchdir(8) = 0
[pid 3878] mount("", ".", 0xc4200f7704, MS_REC|MS_SLAVE, NULL) = 0
[pid 3878] chdir("/") = 0
[pid 3878] mount("/dev/pts/0", "/dev/console", 0xc4200f7768, MS_BIND, NULL) = 0
[pid 3878] chdir("/") = 0
At first glance, changing the flag rootfsPropagation appears to do the correct thing: line 1 of the strace log uses MS_SHARED or MS_PRIVATE depending on the rootfsPropagation flag.
However, cat /proc/self/mountinfo in the container shows that it does not work. I have to run mount --make-shared / manually in the container to make it shared.
The mount call for the rootfsPropagation is not done on the rootfs but on the oldrootfs, before the pivot_root. Since it is not recursive, it has no effect on the container rootfs. Then I tried --linux-rootfs-propagation=rshared but it still does not work. I wonder if the mount("", ".", ... MS_REC|MS_SLAVE after the pivot_root reverts the effect.
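Added example, not part of the original issue and not runc code: a small Go checker that reads /proc/self/mountinfo-style text and reports the propagation type of a mount point from its optional fields, which is the check the report does by hand with cat. The function name `propagation` and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed mountinfo lines (not output from the reporter's system).
const sample = `100 80 8:1 /rootfs / rw,relatime - ext4 /dev/sda1 rw
101 100 0:45 / /proc rw,relatime shared:7 - proc proc rw
102 100 0:46 / /dev rw,nosuid master:2 - tmpfs tmpfs rw,mode=755
103 100 0:47 / /sys ro,nosuid shared:9 master:2 - sysfs sysfs ro`

// propagation reads the optional fields (between mount options and "-").
func propagation(mountinfo, mountPoint string) (string, bool) {
	result, found := "", false
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 7 || f[4] != mountPoint {
			continue
		}
		var tags []string
		for _, opt := range f[6:] {
			if opt == "-" { // separator: optional fields end here
				break
			}
			switch {
			case strings.HasPrefix(opt, "shared:"):
				tags = append(tags, "shared")
			case strings.HasPrefix(opt, "master:"):
				tags = append(tags, "slave")
			}
		}
		if len(tags) == 0 {
			tags = []string{"private"} // no peer-group field means private
		}
		// Keep the last match: a later line can be mounted over an earlier one.
		result, found = strings.Join(tags, "+"), true
	}
	return result, found
}

func main() {
	for _, mp := range []string{"/", "/proc", "/dev", "/sys"} {
		p, _ := propagation(sample, mp)
		fmt.Printf("%-6s %s\n", mp, p)
	}
}
```

Inside a container, feeding the contents of /proc/self/mountinfo to `propagation` with "/" as the mount point shows whether the requested rootfsPropagation actually took effect on the container rootfs.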