@mrunalp
Last active August 29, 2015 14:27
1. Apply this simple patch so that bind mounts aren't converted to private in runc
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 21f380d..c1dfce5 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -400,7 +400,7 @@ func mknodDevice(dest string, node *configs.Device) error {
func prepareRoot(config *configs.Config) error {
flag := syscall.MS_SLAVE | syscall.MS_REC
if config.Privatefs {
- flag = syscall.MS_PRIVATE | syscall.MS_REC
+ flag = syscall.MS_PRIVATE
}
if err := syscall.Mount("", "/", "", uintptr(flag), ""); err != nil {
return err
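Review bot: Dropping MS_REC from the Privatefs branch means only "/" is made private while every mount below it keeps the propagation the host gave it, so Privatefs no longer guarantees an isolated mount tree for the container; as steps 2 to 5 show, a shared host bind mount then carries mounts created inside the container back to the host, and they outlive the container. If the aim is to let specific bind mounts keep propagating, keep `flag = syscall.MS_PRIVATE | syscall.MS_REC` and re-share only those mounts explicitly after the remount; otherwise the non-recursive behaviour of Privatefs should at least be documented on the config field. The hunk header context `func mknodDevice` is stale for a change inside prepareRoot, which is harmless but worth regenerating.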
2. mkdir /root/mnt-source
mount --bind /root/mnt-source /root/mnt-source
mount --make-shared /root/mnt-source
3. Add CAP_SYS_ADMIN and the following to config.json
{
"type": "bind",
"source": "/root/mnt-source",
"destination": "/root/mnt-desti",
"options": "bind"
}
4. Start the container and then
mkdir /root/mnt-desti/con
mount --bind /sbin /root/mnt-desti/con
5. You should now see the contents of the container's /sbin mounted on the host under /root/mnt-source. They continue to exist even after the container exits.
6. We can even use this idea for slave mounts.
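As an added check that is not part of this gist, the following shell script lists every mount with shared propagation from a mountinfo file, so a host or container mount table can be audited for the condition that steps 2 to 5 rely on. It assumes the /proc/[pid]/mountinfo field layout (mount point in field 5, optional fields such as shared:N or master:N before the " - " separator) and embeds a constructed sample table; pass a real file such as /proc/self/mountinfo as the first argument to audit a live system.

```shell
#!/bin/sh
# Added example: report mounts whose propagation is "shared", i.e. mounts
# created beneath them are propagated to every peer in their peer group.

# shared_mounts FILE: print one mount point per line whose propagation is shared.
# Field 5 is the mount point; fields from 7 up to the "-" separator are the
# optional propagation fields (shared:N, master:N, propagate_from:N, unbindable).
shared_mounts() {
    awk '{
        prop = "private"
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) prop = "shared"
            else if ($i ~ /^master:/ && prop != "shared") prop = "slave"
            else if ($i == "unbindable") prop = "unbindable"
        }
        if (prop == "shared") print $5
    }' "$1"
}

# Constructed sample mountinfo (not captured from a real host) mirroring the
# gist: "/" and /root/mnt-source are shared, /tmp is private, /mnt/slave is a slave.
write_sample() {
    cat > "$1" <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 8:1 /root/mnt-source /root/mnt-source rw,relatime shared:5 - ext4 /dev/sda1 rw
41 22 0:30 / /tmp rw,nosuid - tmpfs tmpfs rw
42 22 8:1 /home /mnt/slave rw,relatime master:1 - ext4 /dev/sda1 rw
EOF
}

# audit FILE: print shared mounts from FILE, or from the constructed sample
# when no file is given.
audit() {
    if [ $# -ge 1 ]; then
        shared_mounts "$1"
    else
        tmp=$(mktemp) || return 1
        write_sample "$tmp"
        shared_mounts "$tmp"
        rm -f "$tmp"
    fi
}

audit "$@"
```

Any mount point printed for a container's own mountinfo is a path where a mount made inside the container will appear on the host, so an empty result is what a properly isolated (private or slave) container should produce.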