Move remount as private to the graph drivers

If this is at the root directory for the daemon you could unmount
somones filesystem when you stop docker and this is actually only needed
for the palces that the graph drivers mount the container's root
    filesystems.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

daemon/daemon.go

@@ -27,7 +27,6 @@ import (
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/pkg/label"
-	"github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/pkg/namesgenerator"
 	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
 	"github.com/dotcloud/docker/pkg/selinux"
@@ -102,21 +101,6 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	return eng.Register("container_inspect", daemon.ContainerInspect)
 }
 
-// Mountpoints should be private to the container
-func remountPrivate(mountPoint string) error {
-	mounted, err := mount.Mounted(mountPoint)
-	if err != nil {
-		return err
-	}
-
-	if !mounted {
-		if err := mount.Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
-			return err
-		}
-	}
-	return mount.ForceMount("", mountPoint, "none", "private")
-}
-
 // List returns an array of all containers registered in the daemon.
 func (daemon *Daemon) List() []*Container {
 	return daemon.containers.List()
@@ -786,10 +770,6 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	}
 	utils.Debugf("Using graph driver %s", driver)
 
-	if err := remountPrivate(config.Root); err != nil {
-		return nil, err
-	}
-
 	daemonRepo := path.Join(config.Root, "containers")
 
 	if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
@@ -938,10 +918,6 @@ func (daemon *Daemon) Close() error {
 		utils.Errorf("daemon.containerGraph.Close(): %s", err.Error())
 		errorsStrings = append(errorsStrings, err.Error())
 	}
-	if err := mount.Unmount(daemon.config.Root); err != nil {
-		utils.Errorf("daemon.Umount(%s): %s", daemon.config.Root, err.Error())
-		errorsStrings = append(errorsStrings, err.Error())
-	}
 	if len(errorsStrings) > 0 {
 		return fmt.Errorf("%s", strings.Join(errorsStrings, ", "))
 	}

daemon/graphdriver/aufs/aufs.go

@@ -97,6 +97,10 @@ func Init(root string, options []string) (graphdriver.Driver, error) {
 		return nil, err
 	}
 
+	if err := graphdriver.MakePrivate(root); err != nil {
+		return nil, err
+	}
+
 	for _, p := range paths {
 		if err := os.MkdirAll(path.Join(root, p), 0755); err != nil {
 			return nil, err
@@ -371,12 +375,14 @@ func (a *Driver) Cleanup() error {
 	if err != nil {
 		return err
 	}
+
 	for _, id := range ids {
 		if err := a.unmount(id); err != nil {
 			utils.Errorf("Unmounting %s: %s", utils.TruncateID(id), err)
 		}
 	}
-	return nil
+
+	return mountpk.Unmount(a.root)
 }
 
 func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) {

daemon/graphdriver/btrfs/btrfs.go

@@ -11,11 +11,13 @@ import "C"
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/daemon/graphdriver"
 	"os"
 	"path"
 	"syscall"
 	"unsafe"
+
+	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/dotcloud/docker/pkg/mount"
 )
 
 func init() {
@@ -34,6 +36,14 @@ func Init(home string, options []string) (graphdriver.Driver, error) {
 		return nil, graphdriver.ErrPrerequisites
 	}
 
+	if err := os.MkdirAll(home, 0700); err != nil {
+		return nil, err
+	}
+
+	if err := graphdriver.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
 	return &Driver{
 		home: home,
 	}, nil
@@ -52,7 +62,7 @@ func (d *Driver) Status() [][2]string {
 }
 
 func (d *Driver) Cleanup() error {
-	return nil
+	return mount.Unmount(d.home)
 }
 
 func free(p *C.char) {

daemon/graphdriver/devmapper/driver.go

@@ -9,6 +9,7 @@ import (
 	"path"
 
 	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/utils"
 )
 
@@ -31,10 +32,16 @@ func Init(home string, options []string) (graphdriver.Driver, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	if err := graphdriver.MakePrivate(home); err != nil {
+		return nil, err
+	}
+
 	d := &Driver{
 		DeviceSet: deviceSet,
 		home:      home,
 	}
+
 	return d, nil
 }
 
@@ -58,7 +65,13 @@ func (d *Driver) Status() [][2]string {
 }
 
 func (d *Driver) Cleanup() error {
-	return d.DeviceSet.Shutdown()
+	err := d.DeviceSet.Shutdown()
+
+	if err2 := mount.Unmount(d.home); err == nil {
+		err = err2
+	}
+
+	return err
 }
 
 func (d *Driver) Create(id, parent string) error {

daemon/graphdriver/driver.go

@@ -3,9 +3,11 @@ package graphdriver
 import (
 	"errors"
 	"fmt"
-	"github.com/dotcloud/docker/archive"
 	"os"
 	"path"
+
+	"github.com/dotcloud/docker/archive"
+	"github.com/dotcloud/docker/pkg/mount"
 )
 
 type FsMagic uint64
@@ -107,3 +109,18 @@ func New(root string, options []string) (driver Driver, err error) {
 	}
 	return nil, fmt.Errorf("No supported storage backend found")
 }
+
+func MakePrivate(mountPoint string) error {
+	mounted, err := mount.Mounted(mountPoint)
+	if err != nil {
+		return err
+	}
+
+	if !mounted {
+		if err := mount.Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
+			return err
+		}
+	}
+
+	return mount.ForceMount("", mountPoint, "none", "private")
+}