From 3ee44d942ed9ed8f0b5e0ad1f1949d4b8ffa95f9 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 29 Oct 2020 13:31:55 -0400
Subject: Add better support for unbindable volume mounts

Allow users to specify unbindable on volume command line

Switch internal mounts to rprivate to help prevent leaks.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/container_internal_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libpod/container_internal_linux.go')

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index bf74ca954..83d5c20cb 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -344,7 +344,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 			Type:        "bind",
 			Source:      srcPath,
 			Destination: dstPath,
-			Options:     []string{"bind", "private"},
+			Options:     []string{"bind", "rprivate"},
 		}
 		if c.IsReadOnly() && dstPath != "/dev/shm" {
 			newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
-- 
cgit v1.2.3-54-g00ecf