bind mount creates a directory on the underlying filesystem even if overlay applied

[stepancheg]

Description

        {
            "destination": "/xx",
            "type": "bind",
            "source": "/etc",
            "options": [
                "bind",
                "rprivate",
                "rw"
            ]
        }

creates a directory /xx in the rootfs, even if overlay applied.

Steps to reproduce

runsc spec -bundle ~/bu

the change rootfs to / (for simplicity) and add section with bindmount like posted above.

Full config.json https://gist.github.com/stepancheg/5df51fa676eb13a7f10f1d333877d67c

Check there's no /xx:

ls -ld /xx

Start the container

runsc -alsologtostderr -overlay2=all:memory run -bundle ~/bu xx

and kill it. Directory /xx now exists on the filesystem outside of container.

runsc version

runsc --version
runsc version release-20251110.0-31-g8bc2d00d53cc
spec: 1.1.0-rc.1

built today (21 Nov 2025) from revision 8bc2d00.

uname

Linux xxx 6.14.0-1015-gcp #16-Ubuntu SMP Tue Aug 19 00:02:17 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

repo state (if built from source)

release-20251110.0-31-g8bc2d00d5

runsc debug logs (if available)

https://gist.github.com/stepancheg/1cef681e0a9bb24b42bbd9047a7fa7e9