From 17bff47198597c1e23a6da049fd9235b334da68c Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Wed, 5 Mar 2014 09:40:54 +0100
Subject: [PATCH] libcontainer: Use MS_PRIVATE instead of MS_SLAVE

Now that we unmount all the mounts from the global namespace we can use a private namespace rather than a slave one (as we have no need for unmounts of inherited global mounts to propagate into the container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson (github: alexlarsson)
---
 nsinit/mount.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nsinit/mount.go b/nsinit/mount.go
index 61586bc4..69d85d66 100644
--- a/nsinit/mount.go
+++ b/nsinit/mount.go
@@ -21,7 +21,7 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD
 // is no longer in use, the mounts will be removed automatically
 func setupNewMountNamespace(rootfs, console string, readonly bool) error {
 // mount as slave so that the new mounts do not propagate to the host
- if err := system.Mount("", "/", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil {
+ if err := system.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
 return fmt.Errorf("mounting / as slave %s", err)
 }
 if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
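Review bot: The context comment above the changed call and the error string below it still say "slave", which no longer matches the `MS_PRIVATE|MS_REC` remount and will mislead anyone auditing mount propagation in setupNewMountNamespace. Suggest `// mount / as private, recursively, so mount events propagate neither to nor from the host` and `return fmt.Errorf("mounting / as private %s", err)`. With private propagation, host-side unmounts of inherited mounts no longer reach this namespace, so the isolation depends on the unmount step the commit message refers to, which is not visible in this hunk; a one-line comment stating that dependency next to the call would help. The function body continues past the end of the hunk.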