Motivation
Mount propagation controls how mount/unmount events propagate between namespaces and
peer groups. It is the mechanism that allows container runtimes to:
- Bind-mount host directories into containers (
docker run -v /host:/container)
- Prevent container mounts from leaking back to the host (
MS_PRIVATE)
- Share specific mount points between containers (
MS_SHARED)
- Implement overlay filesystems for container image layers
Without correct mount propagation, runc/containerd cannot set up a container
rootfs correctly.
Current Status
kernel/src/process/namespace/mnt.rs — basic mount namespace structure existskernel/src/process/namespace/propagation.rs — partial implementationMS_BIND, MS_REC, MS_SHARED, MS_PRIVATE, MS_SLAVE, MS_UNBINDABLE — flags defined- Full propagation event propagation (peer group traversal) — status unclear / incomplete
Scope
Implement and verify the following against Linux 6.6 semantics:
Implementation Notes
- Linux 6.6 reference:
fs/namespace.c — do_mount(), mount_setattr(),
propagate_mnt(), propagate_umount().
- Asterinas reference:
kernel/src/fs/vfs/path/mount_namespace.rs.
- gvisor tests:
gvisor/test/syscalls/linux/mount.cc, pivot_root.cc.
- This work is closely related to the correctness of
pivot_root, which is the
standard mechanism for container rootfs switching.
Acceptance Criteria
Motivation
Mount propagation controls how mount/unmount events propagate between namespaces and
peer groups. It is the mechanism that allows container runtimes to:
docker run -v /host:/container)MS_PRIVATE)MS_SHARED)Without correct mount propagation,
runc/containerdcannot set up a containerrootfs correctly.
Current Status
kernel/src/process/namespace/mnt.rs— basic mount namespace structure existskernel/src/process/namespace/propagation.rs— partial implementationMS_BIND,MS_REC,MS_SHARED,MS_PRIVATE,MS_SLAVE,MS_UNBINDABLE— flags definedScope
Implement and verify the following against Linux 6.6 semantics:
MS_PRIVATE— a mount receives no propagation events and sends noneMS_SHARED— mounts in the peer group see each other's mount/unmount eventsMS_SLAVE— receives events from master but does not propagate backMS_UNBINDABLE— likeMS_PRIVATEbut also cannot be bind-mountedMS_BIND+MS_REC— recursive bind mount of a subtreepivot_root(new_root, put_old)— all Linux error conditions (non-mount-point,shared mount, same dir, etc.) must be handled correctly
Implementation Notes
fs/namespace.c—do_mount(),mount_setattr(),propagate_mnt(),propagate_umount().kernel/src/fs/vfs/path/mount_namespace.rs.gvisor/test/syscalls/linux/mount.cc,pivot_root.cc.pivot_root, which is thestandard mechanism for container rootfs switching.
Acceptance Criteria
mount --make-private /followed by a bind mount does not propagate to other namespaces.mount --make-shared /runpropagates bind mounts to peer namespaces.MS_BIND | MS_RECcorrectly bind-mounts a subtree including all sub-mounts.pivot_rootworks correctly for a tmpfs-based rootfs (standard container setup).mount.ccandpivot_root.cctests pass.