diff --git a/config-linux.md b/config-linux.md
index 765a0cb9..fbc39d8e 100644
--- a/config-linux.md
+++ b/config-linux.md
@@ -139,6 +139,13 @@ rlimits allow setting resource limits. The type is from the values defined in [t
 uid/gid mappings describe the user namespace mappings from the host to the container. *from* is the starting uid/gid on the host to be mapped to *to* which is the starting uid/gid in the container and *count* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
+## Rootfs Mount Propagation
+rootfsPropagation sets the rootfs's mount propagation. Its value is either slave, private, or shared. [The kernel doc](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) has more information about mount propagation.
+
+```
+ "rootfsPropagation": "slave",
+```
+
 ## Security
 **TODO:** security profiles
diff --git a/spec_linux.go b/spec_linux.go
index f5f561bf..8ea8f0b0 100644
--- a/spec_linux.go
+++ b/spec_linux.go
@@ -28,6 +28,8 @@ type Linux struct {
 	Capabilities []string `json:"capabilities"`
 	// Devices are a list of device nodes that are created and enabled for the container.
 	Devices []string `json:"devices"`
+	// RootfsPropagation is the rootfs mount propagation mode for the container.
+	RootfsPropagation string `json:"rootfsPropagation"`
 }
 // User specifies linux specific user and group information for the container's
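Review bot: The new RootfsPropagation field in the spec_linux.go hunk is a free-form string, while config-linux.md in the same change restricts the value to slave, private or shared; the field comment should carry that contract so readers of the Go type see it, e.g. `// RootfsPropagation is the rootfs mount propagation mode for the container: "slave", "private" or "shared".` The hunk shows no validation and nothing here says what an empty value means, so a runtime consuming this field has to reject other values and document its own default, which matters because "shared" propagation lets mounts made inside the container reach the host mount namespace; I cannot tell from this hunk whether such a check exists elsewhere. The enclosing Linux struct starts outside the hunk.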