mirror of
https://github.com/docker/cli.git
synced 2026-01-23 15:21:32 +03:00
5edb271922
lxc-start requires / to be mounted private, otherwise the changes it does inside the container (both mounts and unmounts) will propagate out to the host. We work around this by starting up lxc-start in its own namespace where we set / to rshared. Unfortunately go can't really execute any code between clone and exec, so we can't do this in a nice way. Instead we have a horrible hack that use the unshare command, the shell and the mount command... Upstream-commit: 157d99a72786c454dfaad8b0800914cc80879aa8 Component: engine