e420cc3e5d
Properly handle propagation options for root and mounts. Now usage of mount options shared, rshared, and noexec cause error to start. shared/ rshared breaks sandbox=>host isolation. slave however can be supported because changes propagate from host to sandbox. Root FS setup moved inside the gofer. Apart from simplifying the code, it keeps all mounts inside the namespace. And they are torn down when the namespace is destroyed (DestroyFS is no longer needed). PiperOrigin-RevId: 239037661 Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0 |
||
|---|---|---|
| .. | ||
| BUILD | ||
| console_test.go | ||
| container.go | ||
| container_test.go | ||
| hook.go | ||
| multi_container_test.go | ||
| shared_volume_test.go | ||
| status.go | ||
| test_app.go | ||