From 97f5ee4e6acd242bd6b1ed0acd5aa8395ee6feea Mon Sep 17 00:00:00 2001
From: Phil Estes <estesp@linux.vnet.ibm.com>
Date: Tue, 29 Sep 2015 10:53:21 -0400
Subject: [PATCH] Only remount if requested flags differ from current

Do not remount a bind mount to enable flags unless non-default flags are
provided for the requested mount. This solves a problem with user
namespaces and remount of bind mount permissions.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
---
 libcontainer/rootfs_linux.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 3e3a7d2e..d4ee944a 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -167,9 +167,14 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
 			return err
 		}
 		// bind mount won't change mount options, we need remount to make mount options effective.
-		if err := remount(m, rootfs); err != nil {
-			return err
+		// first check that we have non-default options required before attempting a remount
+		if m.Flags&^(syscall.MS_REC|syscall.MS_REMOUNT|syscall.MS_BIND) != 0 {
+			// only remount if unique mount options are set
+			if err := remount(m, rootfs); err != nil {
+				return err
+			}
 		}
+
 		if m.Relabel != "" {
 			if err := label.Validate(m.Relabel); err != nil {
 				return err