Investigate and remove rootfsPropagation workaround
ijc opened this issue · 1 comments
ijc commented
#70 introduced a workaround (mount --make-shared / on entry) to the cri and docker containers because we were seeing issues like:
time="2018-04-05T14:21:11.075653345Z" level=error msg="Handler for POST /v1.31/containers/2a2de13fe4203cfc33457b5e8d265a7bc6df303d4d4e4190c9ba9fcdb4c5e97a/start returned error: linux mounts: path /etc/ssl/certs is mounted on / but it is not a shared or slave mount"
There were other similar instances relating to binds (e.g. path /etc/kubernetes/pki/etcd is mounted on /etc/kubernetes but it is not a shared or slave mount, where /etc/kubernetes is a bind mount) but they were resolved by a newer linuxkit which included moby/tool#210 switching all binds to shared by default (there are likely some explicit tags which can now be dropped).
The remaining issue with / needs investigation. Could be opencontainers/runc#1755 ?