summary refs log tree commit diff
path: root/src/linux.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/linux.rs')
-rw-r--r--src/linux.rs7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/linux.rs b/src/linux.rs
index cebfa77..e480a4c 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -819,7 +819,12 @@ fn create_fs_device(
             log_failures: cfg.seccomp_log_failures,
             seccomp_policy: &seccomp_policy,
         };
-        create_base_minijail(src, Some(max_open_files), Some(&config))?
+        let mut jail = create_base_minijail(src, Some(max_open_files), Some(&config))?;
+        // We want bind mounts from the parent namespaces to propagate into the fs device's
+        // namespace.
+        jail.set_remount_mode(libc::MS_SLAVE);
+
+        jail
     } else {
         create_base_minijail(src, Some(max_open_files), None)?
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-03 07:42:34 +0000