From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; If the user requests a mount for /run, this may hide any existing mounts that are lower down in /run. The result is that the container still sees the mounts in /proc/mounts, but cannot access them sh-4.2# df df: '/run/user/501/gvfs': No such file or directory df: '/run/media/berrange/LIVE': No such file or directory df: '/run/media/berrange/SecureDiskA1': No such file or directory df: '/run/libvirt/lxc/sandbox': No such file or directory Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/vg_t500wlan-lv_root 151476396 135390200 8384900 95% / tmpfs 1970888 3204 1967684 1% /run /dev/sda1 194241 155940 28061 85% /boot devfs 64 0 64 0% /dev tmpfs 64 0 64 0% /sys/fs/cgroup tmpfs 1970888 1200 1969688 1% /etc/libvirt-sandbox/scratch Before mounting any filesystem at a particular location, we must recursively unmount anything at or below the target mount point Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/lxc/lxc_container.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b4ad0c5..30738bb 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1361,6 +1361,10 @@ static int lxcContainerMountAllFS(virDomainDefPtr vmDef, STREQ(vmDef->fss[i]->dst, "/")) continue; + if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst, + false) < 0) + return -1; + if (lxcContainerMountFS(vmDef->fss[i], dstprefix, sec_mount_options) < 0) return -1; } -- 1.8.1.4