Add better support for unbindable volume mounts

Allow users to specify unbindable on volume command line

Switch internal mounts to rprivate to help prevent leaks.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

2 files changed, 2 insertions, 2 deletions

diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 162f70326..f78d74ef7 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -270,7 +270,7 @@ func parseMountOptionsForInspect(options []string, mount *define.InspectMount) {
 			isRW = false
 		case "rw":
 			// Do nothing, silently discard
-		case "shared", "slave", "private", "rshared", "rslave", "rprivate":
+		case "shared", "slave", "private", "rshared", "rslave", "rprivate", "unbindable", "runbindable":
 			mountProp = opt
 		case "z", "Z":
 			zZ = opt
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index bf74ca954..83d5c20cb 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -344,7 +344,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 			Type:        "bind",
 			Source:      srcPath,
 			Destination: dstPath,
-			Options:     []string{"bind", "private"},
+			Options:     []string{"bind", "rprivate"},
 		}
 		if c.IsReadOnly() && dstPath != "/dev/shm" {
 			newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")