Merge pull request #2272 from openshift-cherrypick-robot/cherry-pick-2269-to-release-1.57

openshift-merge-bot[bot] · web-flow · commit e0f1f0c979fc · 2025-03-06T20:21:32.000Z
[release-1.57] idmap: force PRIVATE propagation
diff --git a/pkg/idmap/idmapped_utils.go b/pkg/idmap/idmapped_utils.go
@@ -33,8 +33,9 @@ func CreateIDMappedMount(source, target string, pid int) error {
 
 	if err := unix.MountSetattr(targetDirFd, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE,
 		&unix.MountAttr{
-			Attr_set:  unix.MOUNT_ATTR_IDMAP,
-			Userns_fd: uint64(userNsFile.Fd()),
+			Attr_set:    unix.MOUNT_ATTR_IDMAP,
+			Userns_fd:   uint64(userNsFile.Fd()),
+			Propagation: unix.MS_PRIVATE,
 		}); err != nil {
 		return &os.PathError{Op: "mount_setattr", Path: source, Err: err}
 	}
