Only remount if requested flags differ from current

Do not remount a bind mount to enable flags unless non-default flags are
provided for the requested mount. This solves a problem with user
namespaces and remount of bind mount permissions.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This commit is contained in:
Phil Estes 2015-09-29 10:53:21 -04:00
parent 902ccd0f18
commit 97f5ee4e6a
1 changed files with 7 additions and 2 deletions

View File

@ -167,9 +167,14 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
return err
}
// bind mount won't change mount options, we need remount to make mount options effective.
if err := remount(m, rootfs); err != nil {
return err
// first check that we have non-default options required before attempting a remount
if m.Flags&^(syscall.MS_REC|syscall.MS_REMOUNT|syscall.MS_BIND) != 0 {
// only remount if unique mount options are set
if err := remount(m, rootfs); err != nil {
return err
}
}
if m.Relabel != "" {
if err := label.Validate(m.Relabel); err != nil {
return err