From 3609b051b88565c0fe0615fd47ddb48eed549d27 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 5 Jun 2014 12:50:53 -0700 Subject: [PATCH] Move remount as private to the graph drivers If this is at the root directory for the daemon you could unmount somones filesystem when you stop docker and this is actually only needed for the palces that the graph drivers mount the container's root filesystems. Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- daemon/daemon.go | 24 ------------------------ daemon/graphdriver/aufs/aufs.go | 8 +++++++- daemon/graphdriver/btrfs/btrfs.go | 14 ++++++++++++-- daemon/graphdriver/devmapper/driver.go | 15 ++++++++++++++- daemon/graphdriver/driver.go | 19 ++++++++++++++++++- 5 files changed, 51 insertions(+), 29 deletions(-)
diff --git a/daemon/daemon.go b/daemon/daemon.go
index 2c2b046946..445d5c5b6c 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -27,7 +27,6 @@ import (
 "github.com/dotcloud/docker/image"
 "github.com/dotcloud/docker/pkg/graphdb"
 "github.com/dotcloud/docker/pkg/label"
- "github.com/dotcloud/docker/pkg/mount"
 "github.com/dotcloud/docker/pkg/namesgenerator"
 "github.com/dotcloud/docker/pkg/networkfs/resolvconf"
 "github.com/dotcloud/docker/pkg/selinux"
@@ -102,21 +101,6 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 return eng.Register("container_inspect", daemon.ContainerInspect)
 }
-// Mountpoints should be private to the container
-func remountPrivate(mountPoint string) error {
- mounted, err := mount.Mounted(mountPoint)
- if err != nil {
- return err
- }
-
- if !mounted {
- if err := mount.Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
- return err
- }
- }
- return mount.ForceMount("", mountPoint, "none", "private")
-}
-
 // List returns an array of all containers registered in the daemon.
 func (daemon *Daemon) List() []*Container {
 return daemon.containers.List()
@@ -786,10 +770,6 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 }
 utils.Debugf("Using graph driver %s", driver)
- if err := remountPrivate(config.Root); err != nil {
- return nil, err
- }
-
 daemonRepo := path.Join(config.Root, "containers")
 if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
@@ -938,10 +918,6 @@ func (daemon *Daemon) Close() error {
 utils.Errorf("daemon.containerGraph.Close(): %s", err.Error())
 errorsStrings = append(errorsStrings, err.Error())
 }
- if err := mount.Unmount(daemon.config.Root); err != nil {
- utils.Errorf("daemon.Umount(%s): %s", daemon.config.Root, err.Error())
- errorsStrings = append(errorsStrings, err.Error())
- }
 if len(errorsStrings) > 0 {
 return fmt.Errorf("%s", strings.Join(errorsStrings, ", "))
 }
diff --git a/daemon/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go
index 43c3128271..97e9b9748a 100644
--- a/daemon/graphdriver/aufs/aufs.go
+++ b/daemon/graphdriver/aufs/aufs.go
@@ -97,6 +97,10 @@ func Init(root string, options []string) (graphdriver.Driver, error) {
 return nil, err
 }
+ if err := graphdriver.MakePrivate(root); err != nil {
+ return nil, err
+ }
+
 for _, p := range paths {
 if err := os.MkdirAll(path.Join(root, p), 0755); err != nil {
 return nil, err
@@ -371,12 +375,14 @@ func (a *Driver) Cleanup() error {
 if err != nil {
 return err
 }
+
 for _, id := range ids {
 if err := a.unmount(id); err != nil {
 utils.Errorf("Unmounting %s: %s", utils.TruncateID(id), err)
 }
 }
- return nil
+
+ return mountpk.Unmount(a.root)
 }
 func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
index ba3ecba761..f561244c51 100644
--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
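Review bot: `Cleanup` in aufs.go now ends with `return mountpk.Unmount(a.root)` regardless of who mounted `a.root`, while `MakePrivate` only creates the self bind mount when the path was not already a mount point (`if !mounted`). If an operator has mounted a dedicated filesystem directly at the driver root, stopping the daemon would presumably detach it (the body of `Unmount` is not visible here), which is the hazard the commit message describes for the daemon root. Unmounting only when `MakePrivate` actually created the bind mount, for example by having it report that and remembering it on the driver, would avoid this. The same applies to `Cleanup` in btrfs.go (`mount.Unmount(d.home)`) and in devmapper/driver.go. The start of `Cleanup` is outside this hunk.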
@@ -11,11 +11,13 @@ import "C"
 import (
 "fmt"
- "github.com/dotcloud/docker/daemon/graphdriver"
 "os"
 "path"
 "syscall"
 "unsafe"
+
+ "github.com/dotcloud/docker/daemon/graphdriver"
+ "github.com/dotcloud/docker/pkg/mount"
 )
 func init() {
@@ -34,6 +36,14 @@ func Init(home string, options []string) (graphdriver.Driver, error) {
 return nil, graphdriver.ErrPrerequisites
 }
+ if err := os.MkdirAll(home, 0700); err != nil {
+ return nil, err
+ }
+
+ if err := graphdriver.MakePrivate(home); err != nil {
+ return nil, err
+ }
+
 return &Driver{
 home: home,
 }, nil
@@ -52,7 +62,7 @@ func (d *Driver) Status() [][2]string {
 }
 func (d *Driver) Cleanup() error {
- return nil
+ return mount.Unmount(d.home)
 }
 func free(p *C.char) {
diff --git a/daemon/graphdriver/devmapper/driver.go b/daemon/graphdriver/devmapper/driver.go
index 5bfd8ee658..cf82ad62ed 100644
--- a/daemon/graphdriver/devmapper/driver.go
+++ b/daemon/graphdriver/devmapper/driver.go
@@ -9,6 +9,7 @@ import (
 "path"
 "github.com/dotcloud/docker/daemon/graphdriver"
+ "github.com/dotcloud/docker/pkg/mount"
 "github.com/dotcloud/docker/utils"
 )
@@ -31,10 +32,16 @@ func Init(home string, options []string) (graphdriver.Driver, error) {
 if err != nil {
 return nil, err
 }
+
+ if err := graphdriver.MakePrivate(home); err != nil {
+ return nil, err
+ }
+
 d := &Driver{
 DeviceSet: deviceSet,
 home: home,
 }
+
 return d, nil
 }
@@ -58,7 +65,13 @@ func (d *Driver) Status() [][2]string {
 }
 func (d *Driver) Cleanup() error {
- return d.DeviceSet.Shutdown()
+ err := d.DeviceSet.Shutdown()
+
+ if err2 := mount.Unmount(d.home); err == nil {
+ err = err2
+ }
+
+ return err
 }
 func (d *Driver) Create(id, parent string) error {
diff --git a/daemon/graphdriver/driver.go b/daemon/graphdriver/driver.go
index 93d4ed2535..4536489706 100644
--- a/daemon/graphdriver/driver.go
+++ b/daemon/graphdriver/driver.go
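Review bot: In devmapper `Init`, the new failure path `return nil, err` after `graphdriver.MakePrivate(home)` leaves the already-created `deviceSet` behind, since nothing shuts it down before returning. Its construction is above this hunk, so what it holds is not visible, but `Cleanup` in the same file releases it with `d.DeviceSet.Shutdown()`. Either call `deviceSet.Shutdown()` before that `return nil, err`, or run `MakePrivate(home)` before the device set is created.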
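Review bot: In devmapper `Cleanup`, the guard `if err2 := mount.Unmount(d.home); err == nil` tests `err` rather than `err2`, which reads like a typo and silently drops the unmount error whenever `Shutdown()` has also failed. A mount left behind at shutdown is worth surfacing, so log the dropped error, for example `utils.Errorf("devmapper: unmounting %s: %s", d.home, err2)` inside an `else if err2 != nil` branch (`utils` is already imported in this file). A short comment such as `// keep the Shutdown error if there was one; otherwise report the unmount error` would make the intent clear.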
@@ -3,9 +3,11 @@ package graphdriver
 import (
 "errors"
 "fmt"
- "github.com/dotcloud/docker/archive"
 "os"
 "path"
+
+ "github.com/dotcloud/docker/archive"
+ "github.com/dotcloud/docker/pkg/mount"
 )
 type FsMagic uint64
@@ -107,3 +109,18 @@ func New(root string, options []string) (driver Driver, err error) {
 }
 return nil, fmt.Errorf("No supported storage backend found")
 }
+
+func MakePrivate(mountPoint string) error {
+ mounted, err := mount.Mounted(mountPoint)
+ if err != nil {
+ return err
+ }
+
+ if !mounted {
+ if err := mount.Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
+ return err
+ }
+ }
+
+ return mount.ForceMount("", mountPoint, "none", "private")
+}
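Review bot: `MakePrivate` is exported without a doc comment, and the comment that the old `remountPrivate` carried was dropped in the move. The comment should spell out the side effect the drivers now rely on, for example `// MakePrivate ensures mountPoint is a mount point, bind-mounting it onto itself if needed, and sets its propagation to private.`, plus a line saying the caller is responsible for unmounting a bind mount created here. Separately, if `mount.ForceMount` fails right after the bind mount was created, that bind mount is left in place; unmounting it on that error path would keep a failed start from leaving mounts on the host.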