CRI-O default bind mounts to "rbind, rprivate" to match docker

Containers running in kubernetes currently do not specify options for mount propagation and whether to bind or rbind the mount point. Since docker defaults to bind and rbind, we should match their behavious, since this is what admins expect Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-16 10:37:40 -04:00 · 2017-08-16 10:37:40 -04:00 · 50ad19148d
commit 50ad19148d
parent 85b4aedacb
1 changed files with 1 additions and 0 deletions
--- a/server/container_create.go
+++ b/server/container_create.go
@ -62,6 +62,7 @@ func addOCIBindMounts(sb *sandbox.Sandbox, containerConfig *pb.ContainerConfig,
 		if mount.Readonly {
 			options = []string{"ro"}
 		}
+		options = append(options, []string{"rbind", "rprivate"}...)

 		if mount.SelinuxRelabel {
 			// Need a way in kubernetes to determine if the volume is shared or private