mirror of
https://github.com/Start9Labs/start-os.git
synced 2026-03-31 12:33:40 +00:00
Volume bind mounts into LXC containers inherited private propagation from the host source path, which prevented mounts made inside a container (e.g. NAS mounts via postinit.sh) from propagating back to the host. Dependent services bind-mounting the same volume from the host side would never see these internal mounts.

Self-bind each host volume directory and mark it rshared so that container-internal mounts propagate back to the host path. Mark dependency mounts as rslave so they receive propagated mounts but cannot propagate mounts back to the source service.

Because rshared propagation means mounts can survive container teardown, add defense-in-depth to uninstall cleanup: unmount any remaining mounts under the package volume path, then refuse to delete if any persist, preventing remove_dir_all from traversing into a live NFS/NAS mount and destroying data.
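The uninstall guard described in the commit message can be pictured as a check over `/proc/self/mountinfo`. The following is an added example, not code from start-os: the paths, the `Mount` type and the function names are hypothetical, and the sample mountinfo text is constructed. It assumes mounts at the volume path itself count as "under" it.

```rust
use std::path::{Path, PathBuf};

/// One mountinfo entry: mount point plus its propagation tags.
#[derive(Debug)]
pub struct Mount {
    pub point: PathBuf,
    pub shared: bool, // optional field "shared:N" (rshared side)
    pub slave: bool,  // optional field "master:N" (rslave side)
}

// Constructed sample; hypothetical paths. Line 4 is a sibling that must not match "/volumes/hello".
pub const SAMPLE: &str = "\
36 25 8:2 /volumes/hello/main /volumes/hello/main rw,relatime shared:7 - ext4 /dev/sda2 rw
41 36 0:52 / /volumes/hello/main/nas rw,relatime shared:9 - nfs4 nas.example:/export rw
44 25 8:2 /volumes/hello/main /deps/world/hello rw,relatime master:7 - ext4 /dev/sda2 rw
45 25 8:2 /volumes/hello2 /volumes/hello2 rw,relatime - ext4 /dev/sda2 rw
";

/// Fields: id parent maj:min root mount_point opts [optional...] - fstype source superopts
/// (octal escapes such as \040 in mount points are not decoded here).
pub fn parse_mountinfo(text: &str) -> Vec<Mount> {
    text.lines().filter_map(|line| {
        let f: Vec<&str> = line.split_whitespace().collect();
        let sep = f.iter().position(|x| *x == "-")?;
        if sep < 6 { return None; } // malformed line
        let opt = &f[6..sep];
        Some(Mount {
            point: PathBuf::from(f[4]),
            shared: opt.iter().any(|x| x.starts_with("shared:")),
            slave: opt.iter().any(|x| x.starts_with("master:")),
        })
    }).collect()
}

/// Mounts at or beneath `root`, deepest first (the order they must be unmounted in).
pub fn mounts_under<'a>(mounts: &'a [Mount], root: &Path) -> Vec<&'a Mount> {
    let mut hits: Vec<&Mount> = mounts.iter().filter(|m| m.point.starts_with(root)).collect();
    hits.sort_by_key(|m| std::cmp::Reverse(m.point.components().count()));
    hits
}

/// Refuse recursive deletion while anything is still mounted under `root`.
pub fn check_safe_to_delete(mounts: &[Mount], root: &Path) -> Result<(), String> {
    match mounts_under(mounts, root).first() {
        Some(m) => Err(format!("refusing to delete {}: {} still mounted", root.display(), m.point.display())),
        None => Ok(()),
    }
}

fn main() { println!("{:?}", check_safe_to_delete(&parse_mountinfo(SAMPLE), Path::new("/volumes/hello"))); }
```

`Path::starts_with` compares whole path components, so `/volumes/hello2` is not treated as being under `/volumes/hello`; a plain string-prefix test would get this wrong.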