From b1dfd77fa439119e86e89c3606354868e94f7162 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 23 Jan 2018 11:08:55 -0800 Subject: [PATCH] Set daemon root to use shared propagation This change sets an explicit mount propagation for the daemon root. This is useful for people who need to bind mount the docker daemon root into a container. Since bind mounting the daemon root should only ever happen with at least `rlsave` propagation (to prevent the container from holding references to mounts making it impossible for the daemon to clean up its resources), we should make sure the user is actually able to this. Most modern systems have shared root (`/`) propagation by default already, however there are some cases where this may not be so (e.g. potentially docker-in-docker scenarios, but also other cases). So this just gives the daemon a little more control here and provides a more uniform experience across different systems. Signed-off-by: Brian Goff Upstream-commit: a510192b86e7eb1e1112f3f625d80687fdec6578 Component: engine --- components/engine/daemon/daemon_unix.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index 74046147a1..de9537c1b0 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -28,6 +28,7 @@ import ( "github.com/docker/docker/pkg/containerfs" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/ioutils" + "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/parsers" "github.com/docker/docker/pkg/parsers/kernel" "github.com/docker/docker/pkg/sysinfo" @@ -1169,6 +1170,12 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootIDs idtools.IDPa } } } + + if err := ensureSharedOrSlave(config.Root); err != nil { + if err := mount.MakeShared(config.Root); err != nil { + logrus.WithError(err).WithField("dir", config.Root).Warn("Could not set daemon root propagation to shared, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior") + } + } return nil }