A node's private mounts are currently removed before killing
vnoded, which makes them unavailable during container service
shutdown. Any such service accessing the filesystem for atexit()
cleanup (e.g., rsyslogd), will do so on the host filesystem
instead, very likely causing unintended damage.
For example, the default behavior of rsyslogd is to remove its
listening socket (/dev/log, or /run/systemd/journal/dev-log) at
shutdown from its atexit() handler. If the node's private '/dev'
or '/run/systemd/journal' mount has already been removed, the
host-side /dev/log or /run/systemd/journal/dev-log sockets will
be removed instead!
Since non-persistent (mount) namespaces are automatically
destroyed by the kernel when the last process referencing them
is killed, we should simply rely on that behavior instead of
explicitly (and prematurely) unmounting a node's private
directories during shutdown.
Signed-off-by: Gabriel Somlo <glsomlo@cert.org>
a5ae485fa6