From 709feac057e86bd4de41340cdb80f92ba4cb8bcc Mon Sep 17 00:00:00 2001
From: Alex Price
Date: Fri, 3 May 2019 12:10:28 +1000
Subject: [PATCH] mounts: fix isSystemMount check for mountSharedDirMounts
This change updates the isSystemMount check for mountSharedDirMounts when setting up shared directory mounts for the container and uses the source of the mount instead of the destination for the check. We want to exclude system mounts from the host side as they shouldn't be mounted into the container. We do however want to allow system mounts within the container as denying them can prevent some containers from running properly.
Fixes #1591
Signed-off-by: Alex Price
---
 virtcontainers/container.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/virtcontainers/container.go b/virtcontainers/container.go
index 6030d73550..9c8b271b62 100644
--- a/virtcontainers/container.go
+++ b/virtcontainers/container.go
@@ -515,10 +515,11 @@ func (c *Container) mountSharedDirMounts(hostSharedDir, guestSharedDir string) (
 var sharedDirMounts []Mount
 var ignoredMounts []Mount
 for idx, m := range c.mounts {
- if isSystemMount(m.Destination) {
- if !(IsDockerVolume(m.Source) || Isk8sHostEmptyDir(m.Source)) {
- continue
- }
+ // Skip mounting certain system paths from the source on the host side
+ // into the container as it does not make sense to do so.
+ // Example sources could be /sys/fs/cgroup etc.
+ if isSystemMount(m.Source) {
+ continue
 }
 if m.Type != "bind" {
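Review bot: The new `isSystemMount(m.Source)` check at the top of the loop over `c.mounts` tests the source string exactly as the caller supplied it. isSystemMount's body is not in this hunk, but if it is a plain prefix comparison, a source that reaches a host system path through a symlink or an uncleaned path (for example one containing `..`) would not be skipped and would still be shared into the guest. Consider checking the resolved path instead, e.g. `resolved, err := filepath.EvalSymlinks(m.Source)` followed by `if isSystemMount(resolved) { continue }`, with the error handled the way the rest of the function handles mount errors. The skip is also silent, so a debug log entry naming `m.Source` would let an operator see why a requested mount is absent from the container. The body of mountSharedDirMounts continues outside the hunk, so whether skipped entries should also be recorded in `ignoredMounts` cannot be judged from here.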