From 097c442a159fb7b1034fc32d033406b1df39ac2a Mon Sep 17 00:00:00 2001
From: lifeng68 <lifeng68@huawei.com>
Date: Tue, 17 Nov 2020 18:41:26 +0800
Subject: [PATCH] rootfs: add make private for root.path parent

Signed-off-by: lifeng68 <lifeng68@huawei.com>
---
 ...dd-make-private-for-root.path-parent.patch | 28 +++++++++++++++++++
 lxc.spec                                      |  9 +++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 0011-rootfs-add-make-private-for-root.path-parent.patch

diff --git a/0011-rootfs-add-make-private-for-root.path-parent.patch b/0011-rootfs-add-make-private-for-root.path-parent.patch
new file mode 100644
index 0000000..5ef6c6d
--- /dev/null
+++ b/0011-rootfs-add-make-private-for-root.path-parent.patch
@@ -0,0 +1,28 @@
+From e9214cfb2a247a78a07d2032956cde97e6d19e4a Mon Sep 17 00:00:00 2001
+From: lifeng68 <lifeng68@huawei.com>
+Date: Tue, 17 Nov 2020 18:37:56 +0800
+Subject: [PATCH 11/11] rootfs: add make private for root.path parent
+
+Signed-off-by: lifeng68 <lifeng68@huawei.com>
+---
+ src/lxc/conf.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 3d8713954..ce5bab9c5 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -1434,6 +1434,10 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
+ 	* not propagate in other namespaces. Also it will help with kernel
+ 	* check pass in pivot_root. (IS_SHARED(new_mnt->mnt_parent))
+ 	*/
++	ret = rootfs_parent_mount_private(conf->rootfs.path);
++	if (ret != 0) {
++		return log_error(-1, "Failed to make parent of rootfs %s to private.", conf->rootfs.path);
++	}
+ 	ret = rootfs_parent_mount_private(conf->rootfs.mount);
+ 	if (ret != 0) {
+ 		return log_error(-1, "Failed to make parent of rootfs %s to private.", conf->rootfs.mount);
+-- 
+2.25.1
+
diff --git a/lxc.spec b/lxc.spec
index 98f1f6d..2b5f010 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2020111301
+%global _release 2020111701
 
 Name:           lxc
 Version:        4.0.3
@@ -17,6 +17,7 @@ Patch9007:      0007-Using-string-type-instead-of-security_context_t-beca.patch
 Patch9008:	0008-hook-pass-correct-mount-dir-as-root-to-hook.patch
 Patch9009:	0009-cgroup-refact-cgroup-manager-to-single-file.patch
 Patch9010:	0010-cgfsng-adjust-log-level-from-error-to-warn.patch
+Patch9011:	0011-rootfs-add-make-private-for-root.path-parent.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -188,6 +189,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 
 %changelog
+* Fri Nov 13 2020 lifeng <lifeng68@openeuler.org> - 4.0.3-2020111701
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: add make private for root.path parent 
+
 * Fri Nov 13 2020 lifeng <lifeng68@openeuler.org> - 4.0.3-2020111301
 - Type:enhancement
 - ID:NA
-- 
Gitee