I'm mounting couple of directories (bind mount) in a chroot environment, but they behave differently on CentOS 6 and 7 – exactly the same commands.
Example:
I have my chroot env in /chroot/base
.
Then I mount it on every user:
mount --bind /chroot/base /chroot/$user
Then I mount /home/$user
in the same user's chroot:
mount --bind /home/$user /chroot/$user/home/$user
On CentOS 6 it works fine and it mounts exactly those directories, but on CentOS 7 I get something like this:
/dev/mapper/cl_cp-home /chroot/user1/home/user1 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user2/home/user1 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user3/home/user1 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user2/home/user2 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user3/home/user2 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user1/home/user2 xfs rw,relatime,attr2,inode64,usrquota 0 0
/dev/mapper/cl_cp-home /chroot/user3/home/user3 xfs rw,relatime,attr2,inode64,usrquota 0 0
Every user's homedir gets mounted in the chroot env of the other users.
Why is this happening? What changed between CentOS6/7 that could be causing this?
Edit:
Running ls
on the folder for user1
for example (123user1
is a simple touch /home/user1/123user1
file):
root@server:~# ls /chroot/user1/home/user1/
123user1
root@server:~# ls /chroot/user2/home/user1/
123user1
root@server:~# ls /chroot/user3/home/user1/
123user1
Even more strange is this:
root@server:~# ls /chroot/base/home/user1/
123user1
I haven't mounted this at any stage
Best Answer
The source of the behaviour seems the changed default of the shared subtrees operation. The kernel documentation Documentation/sharedsubtree.txt mentions that
private
is the default, whereas actually it isshared
which can be obtained by viewing/proc/self/mountinfo
after mounting a directory with--bind
.This causes propagation of mounts under /chroot/test back to /chroot/base which then affects the other bind-mounts derived from /chroot/base.
To get back the old behaviour, one has to specifiy
--make-private
explicitly orprivate
as mount option in /etc/fstab.I think it is save to apply the
private
option to any bind-mount you want the old behaviour back.Update
The kernel default is still
private
butsystemd
is remounting the filesystems asshared
due to better container support. From the systemd github site: