From 02013e2d1cefde71106a440ef667fa4ff7b6651e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 9 Jan 2019 15:07:10 +0100 Subject: [PATCH] Add note about mount-propagation and engine 18.09+ Signed-off-by: Sebastiaan van Stijn --- engine/release-notes.md | 43 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 2ab6a84992f..876f83869a7 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -25,7 +25,27 @@ consistency and compatibility reasons. ## 18.09.1 2019-01-09 -### Security fixes for Docker Engine EE and CE +#### Important notes about this release + +In Docker versions prior to 18.09, containerd was managed by the Docker engine +daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd +is managed by systemd, any custom configuration to the `docker.service` systemd +configuration which changes mount settings (for example, `MountFlags=slave`) breaks +interactions between the Docker Engine daemon and containerd, and you will not be +able to start containers. + +Run the following command to get the current value of the `MountFlags` property +for the `docker.service`: + +```bash +sudo systemctl show --property=MountFlags docker.service +MountFlags= +``` + +Update your configuration if this command prints a non-empty value for `MountFlags`, +and restart the docker service. + +### Security fixes for Docker Engine EE and CE * Upgraded Go language to 1.10.6 to resolve [CVE-2018-16873](https://nvd.nist.gov/vuln/detail/CVE-2018-16873), [CVE-2018-16874](https://nvd.nist.gov/vuln/detail/CVE-2018-16874), and [CVE-2018-16875](https://nvd.nist.gov/vuln/detail/CVE-2018-16875). * Fixed authz plugin for 0-length content and path validation. * Added `/proc/asound` to masked paths [docker/engine#126](https://github.com/docker/engine/pull/126) 
@@ -66,6 +86,27 @@ consistency and compatibility reasons. ## 18.09.0 2018-11-08 +#### Important notes about this release + +In Docker versions prior to 18.09, containerd was managed by the Docker engine +daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd +is managed by systemd, any custom configuration to the `docker.service` systemd +configuration which changes mount settings (for example, `MountFlags=slave`) breaks +interactions between the Docker Engine daemon and containerd, and you will not be +able to start containers. + +Run the following command to get the current value of the `MountFlags` property +for the `docker.service`: + +```bash +sudo systemctl show --property=MountFlags docker.service +MountFlags= +``` + +Update your configuration if this command prints a non-empty value for `MountFlags`, +and restart the docker service. + + ### New features for Docker Engine EE * [FIPS Compliance added for Windows Server 2016 and later](/install/windows/docker-ee)
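Review bot: In the first hunk (the 18.09.1 section), the closing instruction "Update your configuration if this command prints a non-empty value for `MountFlags`, and restart the docker service" does not say what to change, and it omits the reload step that systemd needs before a restart picks up an edited unit or drop-in file. Suggest spelling the steps out: remove the `MountFlags` setting from the custom `docker.service` configuration, run `sudo systemctl daemon-reload`, then restart the service. Two smaller points in the same hunk: the new heading `#### Important notes about this release` is level 4 directly under `## 18.09.1` while its sibling `### Security fixes for Docker Engine EE and CE` is level 3, so `###` would keep the outline consistent; and the `bash` fence mixes the command with its output (`MountFlags=`), which is easier to read if the output is marked as such or moved to its own block. The `### Security fixes for Docker Engine EE and CE` line is also removed and re-added with no visible text change; if that is a whitespace-only edit, consider dropping it from this patch.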
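Review bot: The second hunk (the 18.09.0 section) repeats the whole "Important notes about this release" block from the 18.09.1 section verbatim, so any later correction has to be made in two places and the copies can drift. Suggest keeping the full text under 18.09.0, where the systemd-managed containerd change is introduced, and replacing the 18.09.1 copy with a one-line pointer to it (or the reverse). This hunk also adds two consecutive blank lines before `### New features for Docker Engine EE`; one is enough. The `####` heading level here has the same mismatch with the neighbouring `###` headings as in the 18.09.1 section.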