Comment # 9 on bug 1222499 from Aleksa Sarai
(In reply to Luca Di Maio from comment #5)
> After a further investigation, it seems it really is related to that
> breaking change
> 
> mounting as ":rslave" something that is :ro, will output that error

runc treats propagation flags and mount options separately; this is odd. I'll
see if I can come up with a test using runc directly (I don't know what podman
is doing to the mount options before giving them to runc).

> ---
> 
> Changing the code for mounting the rootfs into this:
> 
> 	for rootdir in /*; do
> 		if findmnt --notruncate --noheadings --list --output OPTIONS --target "${rootdir}" |
> 			tr ',' '\n' | grep -q "^ro$"; then
> 
> 			result_command="${result_command}
> 				--volume ${rootdir}:/run/host/${rootdir}:ro,rslave"
> 		else
> 			result_command="${result_command}
> 				--volume ${rootdir}:/run/host/${rootdir}:rslave"
> 		fi
> 	done

rro,rslave might be a less painful way of doing this. runc 1.1.0 and later
support this though it requires Linux 5.12.
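
An added example (not part of the original comments, and not distrobox, podman or runc code) of the option choice discussed above: keep a read-only host mount read-only, preferring `rro` only when the kernel and runc versions named in the reply are met. The function names are hypothetical, the versions are passed in as arguments, and the sample values are constructed; how the chosen options reach runc through podman is not covered.

```shell
#!/bin/sh
# has_ro_option OPTIONS: succeed only if the comma-separated mount options
# (as printed by `findmnt --output OPTIONS`) contain the exact token "ro".
# Exact matching keeps "errors=remount-ro" from counting as read-only.
has_ro_option() {
	printf '%s\n' "$1" | tr ',' '\n' | grep -qx 'ro'
}

# version_at_least VERSION MAJOR MINOR: compare a `uname -r` or runc style
# version such as "5.14.21-150400-default" against MAJOR.MINOR.
version_at_least() {
	v="${1%%[!0-9.]*}"                      # drop "-default", "-rc1", "+" ...
	case "$v" in *.*) ;; *) v="${v}.0" ;; esac
	major="${v%%.*}"
	rest="${v#*.}"
	minor="${rest%%.*}"
	[ -n "$major" ] && [ -n "$minor" ] || return 1
	[ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# host_mount_options OPTIONS KERNEL_RELEASE RUNC_VERSION
# Prints the mount options to request for one host directory:
#   rslave      source is writable, only propagation is set
#   rro,rslave  source is read-only; recursive read-only needs Linux 5.12
#               and runc 1.1.0, so submounts are covered as well
#   ro,rslave   source is read-only but rro is not available
host_mount_options() {
	if ! has_ro_option "$1"; then
		echo 'rslave'
	elif version_at_least "$2" 5 12 && version_at_least "$3" 1 1; then
		echo 'rro,rslave'
	else
		echo 'ro,rslave'
	fi
}

# Constructed sample inputs: "mount options|kernel release|runc version".
for sample in \
	'ro,relatime|5.14.21-150400-default|1.1.4' \
	'ro,relatime|5.3.18-59-default|1.1.4' \
	'rw,relatime,errors=remount-ro|6.4.0|1.1.12'; do
	opts="${sample%%|*}"; tail="${sample#*|}"
	printf '%-32s -> %s\n' "$opts" \
		"$(host_mount_options "$opts" "${tail%%|*}" "${tail#*|}")"
done
```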

