Add note about mount-propagation and engine 18.09+

Signed-off-by: Sebastiaan van Stijn <[email protected]>
docker · Jan 28, 2019 · 02013e2 · 02013e2
1 parent 0ca6c64
commit 02013e2
Showing 1 changed file with 42 additions and 1 deletion.
diff --git a/engine/release-notes.md b/engine/release-notes.md
@@ -25,7 +25,27 @@ consistency and compatibility reasons.
 ## 18.09.1
 2019-01-09
 
-### Security fixes for Docker Engine EE and CE 
+#### Important notes about this release
+
+In Docker versions prior to 18.09, containerd was managed by the Docker engine
+daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd
+is managed by systemd, any custom configuration to the `docker.service` systemd
+configuration which changes mount settings (for example, `MountFlags=slave`) breaks
+interactions between the Docker Engine daemon and containerd, and you will not be
+able to start containers.
+
+Run the following command to get the current value of the `MountFlags` property
+for the `docker.service`:
+
+```bash
+sudo systemctl show --property=MountFlags docker.service
+MountFlags=
+```
+
+Update your configuration if this command prints a non-empty value for `MountFlags`,
+and restart the docker service.
+
+### Security fixes for Docker Engine EE and CE
 * Upgraded Go language to 1.10.6 to resolve [CVE-2018-16873](https://nvd.nist.gov/vuln/detail/CVE-2018-16873), [CVE-2018-16874](https://nvd.nist.gov/vuln/detail/CVE-2018-16874), and [CVE-2018-16875](https://nvd.nist.gov/vuln/detail/CVE-2018-16875).
 * Fixed authz plugin for 0-length content and path validation.
 * Added `/proc/asound` to masked paths [docker/engine#126](https://github.com/docker/engine/pull/126)
@@ -66,6 +86,27 @@ consistency and compatibility reasons.
 ## 18.09.0
 2018-11-08
 
+#### Important notes about this release
+
+In Docker versions prior to 18.09, containerd was managed by the Docker engine
+daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd
+is managed by systemd, any custom configuration to the `docker.service` systemd
+configuration which changes mount settings (for example, `MountFlags=slave`) breaks
+interactions between the Docker Engine daemon and containerd, and you will not be
+able to start containers.
+
+Run the following command to get the current value of the `MountFlags` property
+for the `docker.service`:
+
+```bash
+sudo systemctl show --property=MountFlags docker.service
+MountFlags=
+```
+
+Update your configuration if this command prints a non-empty value for `MountFlags`,
+and restart the docker service.
+
+
 ### New features for Docker Engine EE 
 
 * [FIPS Compliance added for Windows Server 2016 and later](/install/windows/docker-ee)