From ecd92dffbc9e4d423169c35c3eebebaa2c961f9e Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 5 Jul 2021 12:11:42 +0200
Subject: [PATCH] lxc_unshare: make mount table private
Signed-off-by: Christian Brauner
---
 src/lxc/tools/lxc_unshare.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index b4b073a02..8e4716cf3 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -246,8 +246,13 @@ static int do_start(void *arg)
 }
 }
- if ((start_arg->flags & CLONE_NEWNS) && start_arg->want_default_mounts)
- lxc_setup_fs();
+ if (start_arg->flags & CLONE_NEWNS) {
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0)
+ _exit(EXIT_FAILURE);
+
+ if (start_arg->want_default_mounts)
+ lxc_setup_fs();
+ }
 if ((start_arg->flags & CLONE_NEWUTS) && want_hostname)
 if (sethostname(want_hostname, strlen(want_hostname)) < 0) {
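Review bot: The failure path of the new `mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0)` call goes straight to `_exit(EXIT_FAILURE)` with no diagnostic, so a user whose unshare stops here (for example because a seccomp or LSM policy denies the call) cannot tell which step failed. Logging errno before exiting would help, e.g. `SYSERROR("Failed to make mount table private");` if LXC's usual logging macro is in scope in this file; the sethostname branch below opens a block that presumably does the same. A short comment such as `/* Keep mount events in the new namespace from propagating back to the host when / is a shared mount. */` would also record why the remount now runs even when want_default_mounts is unset. do_start's body begins before and continues after this hunk.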