From 57f16412cc19aff5e68631c704c2e4071c3a7bdb Mon Sep 17 00:00:00 2001
From: Ayush Ranjan <ayushranjan@google.com>
Date: Thu, 5 Dec 2024 16:01:35 -0800
Subject: [PATCH] Retry remounting the sandbox chroot as read-only if the mount
 is busy.

Updates #10965

PiperOrigin-RevId: 703281270
---
 runsc/cmd/chroot.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/runsc/cmd/chroot.go b/runsc/cmd/chroot.go
index b1ae38c431..89fac7a7da 100644
--- a/runsc/cmd/chroot.go
+++ b/runsc/cmd/chroot.go
@@ -20,6 +20,7 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+	"time"
 
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
@@ -187,8 +188,19 @@ func setUpChroot(spec *specs.Spec, conf *config.Config) error {
 		return fmt.Errorf("error configuring chroot for TPU devices: %w", err)
 	}
 
-	if err := specutils.SafeMount("", chroot, "", unix.MS_REMOUNT|unix.MS_RDONLY|unix.MS_BIND, "", "/proc"); err != nil {
-		return fmt.Errorf("error remounting chroot in read-only: %v", err)
+	// NOTE(gvisor.dev/issue/10965): Some systems have intermittent EBUSY errors
+	// when trying to remount the chroot as read-only. Retry a few times to
+	// work around this.
+	for i := 0; i < 3; i++ {
+		if err := specutils.SafeMount("", chroot, "", unix.MS_REMOUNT|unix.MS_RDONLY|unix.MS_BIND, "", "/proc"); err != nil {
+			if err == unix.EBUSY && i < 2 {
+				log.Warningf("chroot mount was busy when trying to remount it as read-only, retrying...")
+				time.Sleep(50 * time.Millisecond)
+				continue
+			}
+			return fmt.Errorf("error remounting chroot in read-only: %v", err)
+		}
+		break
 	}
 
 	return pivotRoot(chroot)