From cf4ed6c8836a4707c1cdc9275e0a4b15cc72016f Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Thu, 6 Mar 2014 16:32:06 -0800
Subject: [PATCH 1/2] Revert "libcontainer: Use pivot_root instead of chroot"
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
Upstream-commit: 82f797f14096430c3edbace1cd30e04a483ec41f
Component: engine
---
 .../engine/pkg/libcontainer/nsinit/mount.go | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)
diff --git a/components/engine/pkg/libcontainer/nsinit/mount.go b/components/engine/pkg/libcontainer/nsinit/mount.go
index 69d85d66ca..a97a3795e4 100644
--- a/components/engine/pkg/libcontainer/nsinit/mount.go
+++ b/components/engine/pkg/libcontainer/nsinit/mount.go
@@ -5,7 +5,6 @@ package nsinit
 import (
 "fmt"
 "github.com/dotcloud/docker/pkg/system"
- "io/ioutil"
 "os"
 "path/filepath"
 "syscall"
@@ -51,29 +50,16 @@ func setupNewMountNamespace(rootfs, console string, readonly bool) error { if err := system.Chdir(rootfs); err != nil { return fmt.Errorf("chdir into %s %s", rootfs, err) } - - pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root") - if err != nil { - return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err) + if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil { + return fmt.Errorf("mount move %s into / %s", rootfs, err) } - if err := system.Pivotroot(rootfs, pivotDir); err != nil { - return fmt.Errorf("pivot_root %s", err) + if err := system.Chroot("."); err != nil { + return fmt.Errorf("chroot . %s", err) } if err := system.Chdir("/"); err != nil { return fmt.Errorf("chdir / %s", err) } - // path to pivot dir now changed, update - pivotDir = filepath.Join("/", filepath.Base(pivotDir)) - - if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil { - return fmt.Errorf("unmount pivot_root dir %s", err) - } - - if err := os.Remove(pivotDir); err != nil { - return fmt.Errorf("remove pivot_root dir %s", err) - } - system.Umask(0022) return nil From d96ead649838df22a969968d05dde36e6cf67c0c Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 6 Mar 2014 16:41:03 -0800 Subject: [PATCH 2/2] Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f. Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) Upstream-commit: bd263f5b15b51747e3429179fef7fcb425ccbe4a Component: engine --- components/engine/pkg/libcontainer/nsinit/mount.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/pkg/libcontainer/nsinit/mount.go b/components/engine/pkg/libcontainer/nsinit/mount.go index a97a3795e4..0506b99766 100644 --- a/components/engine/pkg/libcontainer/nsinit/mount.go +++ b/components/engine/pkg/libcontainer/nsinit/mount.go 
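Review bot: The restored `system.Chroot(".")` after the `MS_MOVE` mount (hunk `@@ -51,29 +50,16 @@` of PATCH 1/2) makes the container's root confinement depend on chroot alone, which the kernel does not treat as a boundary for a process that still holds CAP_SYS_CHROOT; the removed pivot_root path instead detached the old root from the mount namespace with `MNT_DETACH`. Whether that capability is dropped before the container's process runs is not visible in this hunk, so the dependency should be stated at the call site, for example `// chroot is the only root confinement here; CAP_SYS_CHROOT must be dropped before exec`. The commit message gives no reason for the revert, and a line naming the failure that pivot_root caused would let a later reader judge when it can be reinstated. The body of setupNewMountNamespace starts and ends outside the hunk.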
@@ -20,7 +20,7 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD
 // is no longer in use, the mounts will be removed automatically
 func setupNewMountNamespace(rootfs, console string, readonly bool) error {
 // mount as slave so that the new mounts do not propagate to the host
- if err := system.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
+ if err := system.Mount("", "/", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil {
 return fmt.Errorf("mounting / as slave %s", err)
 }
 if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
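Review bot: The comment above the changed `system.Mount("", "/", ...)` call documents only one direction of the propagation. With `MS_SLAVE|MS_REC` the container's mounts stay out of the host, but mount and unmount events on the host still propagate into this namespace, which `MS_PRIVATE` had cut off. If receiving host events is the reason for the revert (the commit message does not say), the comment should say so, e.g. `// mount / as slave: our mounts do not reach the host, host mount and unmount events still reach us`. The function body continues past the end of the hunk.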