diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs
index ba07b0fed..b547636fb 100644
--- a/crates/libcontainer/src/process/container_init_process.rs
+++ b/crates/libcontainer/src/process/container_init_process.rs
@@ -350,6 +350,14 @@ pub fn container_init_process(
 InitProcessError::SyscallOther(err)
 })?;
 } else {
+ // Move the rootfs to the root of the host filesystem before chrooting
+ // This is equivalent to pivot_root
+ syscall
+ .mount(Some(rootfs_path), Path::new("/"), None, MsFlags::MS_MOVE, None)
+ .map_err(|err| {
+ tracing::error!(?err, ?rootfs_path, "failed to move rootfs");
+ InitProcessError::SyscallOther(err)
+ })?;
 syscall.chroot(rootfs_path).map_err(|err| {
 tracing::error!(?err, ?rootfs_path, "failed to chroot");
 InitProcessError::SyscallOther(err)
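Review bot: `syscall.chroot(rootfs_path)` resolves `rootfs_path` again after the `MS_MOVE`, while the process root is still the old root, so the lookup may land on the directory the mount was moved away from rather than on the mount now stacked on `/`; that would leave a plain chroot in the host tree, without the submounts prepared under the rootfs. Unless the working directory is already the rootfs at this point (not visible here, since `container_init_process` starts and ends outside the hunk), change into `rootfs_path` before the move and call `syscall.chroot(Path::new("."))`, then change directory to `/`. The comment also overstates the equivalence, because unlike pivot_root the old root stays mounted underneath; I would reword it to `// MS_MOVE puts rootfs on top of "/" in this mount namespace so the chroot has no parent mount to walk back into; unlike pivot_root, the old root is not detached`.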