Rework how /var is mounted

Instead of mounting a new filesystem, revert to doing a `rw` bind.

However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

pkg/init/etc/init.d/containers

@@ -8,6 +8,7 @@ then
 	do
 		base="$(basename $f)"
 		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
 		/usr/bin/runc run --bundle "$f" "$(basename $f)"
 		printf " - $base\n"
 	done
@@ -22,6 +23,7 @@ then
 	do
 		base="$(basename $f)"
 		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
 		log="/var/log/$base.log"
 		/sbin/start-stop-daemon --start --pidfile /run/$base.pid --exec /usr/bin/runc -- run --bundle "$f" --pid-file /run/$base.pid "$(basename $f)" </dev/null 2>$log >$log &
 		printf " - $base\n"

pkg/init/etc/init.d/rcS

@@ -107,17 +107,10 @@ mkdir /tmp/etc
 mv /etc/resolv.conf /tmp/etc/resolv.conf
 ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
 
-# mount rootfs as rshared
-mount --make-rshared /
-
 # remount rootfs as readonly
 mount -o remount,ro /
 
-# bind and remount containers as read-write but private
-mount -o bind /containers /containers
-mount -o remount,rw,relatime /containers /containers
-mount --make-private /containers
-
-# make /var its own tmpfs mount point
-mount -n -t tmpfs var /var -o nodev,nosuid,noexec,relatime,size=10%,mode=755
+# make /var writeable and shared
+mount -o bind /var /var
+mount -o remount,rw,nodev,nosuid,noexec,relatime /var /var
 mount --make-rshared /var