Rather than bind mounting binfmt_misc filesystem, mount a copy.

For some reason, bind mounting does not always seem to work, sometimes the filesystem is empty. Mounting a fresh copy seems a better solution, and simplifies things. The container does need `CAP_SYS_ADMIN` but only on boot. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-09-06 09:21:28 +00:00 · 2018-06-22 13:41:34 +01:00
parent ccfdc71a2f
commit a6dbe8ceba
3 changed files with 9 additions and 6 deletions
--- a/pkg/binfmt/main.go
+++ b/pkg/binfmt/main.go
@@ -69,6 +69,11 @@ func binfmt(line []byte) error {
 func main() {
 	flag.Parse()

+	if err := syscall.Mount("binfmt_misc", mount, "binfmt_misc", 0, ""); err != nil {
+		log.Fatalf("Cannot mount binfmt_misc filesystem at %s: %v", mount, err)
+	}
+	defer syscall.Unmount(mount, 0)
+
 	files, err := ioutil.ReadDir(dir)
 	if err != nil {
 		log.Fatalf("Cannot read directory %s: %s", dir, err)