From bfa76205d541f78ced9d1917a54cc8b9d81168fa Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Sun, 9 Apr 2017 13:25:38 +0100
Subject: [PATCH] Change propagation for root

- make / rshared
- make /containers private
- make /var its own tmpfs mountpoint, shared

Signed-off-by: Justin Cormack
---
 pkg/init/etc/init.d/rcS | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkg/init/etc/init.d/rcS b/pkg/init/etc/init.d/rcS
index 7dd576c2f..8553cdba8 100755
--- a/pkg/init/etc/init.d/rcS
+++ b/pkg/init/etc/init.d/rcS
@@ -107,11 +107,17 @@ mkdir /tmp/etc
 mv /etc/resolv.conf /tmp/etc/resolv.conf
 ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
 
+# mount rootfs as rshared
+mount --make-rshared /
+
 # remount rootfs as readonly
 mount -o remount,ro /
 
-# bind and remount containers and var as read-write
+# bind and remount containers as read-write but private
 mount -o bind /containers /containers
-mount -o bind /var /var
 mount -o remount,rw,relatime /containers /containers
-mount -o remount,rw,nodev,nosuid,relatime /var /var
+mount --make-private /containers
+
+# make /var its own tmpfs mount point
+mount -n -t tmpfs var /var -o nodev,nosuid,noexec,relatime,size=10%,mode=755
+mount --make-rshared /var
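Review bot: `mount --make-rshared /` is recursive, so every mount already present under / at that point becomes shared and only /containers is carved out afterwards, yet the comment `# mount rootfs as rshared` restates the command without saying why the host tree needs shared propagation. Shared propagation means a mount made in a peer mount namespace can appear in the host tree, so this is a trust-boundary decision that should be recorded, for example `# / is rshared so that mounts made under it propagate between mount namespaces; /containers is made private below so mounts there do not propagate`, adjusted to the actual reason. Separately, the new tmpfs replaces the old bind of /var, so anything the image ships under /var is hidden from this line on, and `noexec` now applies to everything stored there. Whether rcS stops on a failed command is not visible in this hunk; if it does not, a failed tmpfs mount leaves /var on the read-only root and the following `mount --make-rshared /var` runs against a non-mountpoint, so the exit status of the tmpfs mount should be checked and logged.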