The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf);
- my $cmd = ['lxc-start', '-n', $vmid];
+ my $cmd = ['unshare', '-m', '--',
+ 'sh', '-c', "mount --make-rslave / && exec lxc-start -n $vmid"];
run_command($cmd);
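Review bot: On the added `sh -c` line, `$vmid` is interpolated directly into the shell command string, so the command is only safe if `$vmid` has already been validated as a plain numeric ID, and that validation is not visible in this hunk. Passing it as a positional parameter removes the dependency: `'sh', '-c', 'mount --make-rslave / && exec lxc-start -n "$1"', 'sh', $vmid`. A short comment above `$cmd` explaining why the start is wrapped in `unshare -m` with `--make-rslave` (the rationale given in the commit message) would also help, since the reason is not evident from the code alone.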