test: firecracker-microvm#1099 jailer mount propagation

Author: anthonycorletti

tests/integration_tests/security/test_jail.py

@@ -664,3 +664,29 @@ def test_cgroupsv2_written_only_once(uvm_plain, cgroups_info):
     assert len(write_lines) == 1
     assert len(mkdir_lines) != len(cgroups), "mkdir equal to number of cgroups"
     assert len(mkdir_lines) == 1
+
+
+def test_mount_proagation_to_root(uvm_plain, tmp_path):
+    """
+    Test that the jailer mounts are propagated to the root mount namespace which
+    in this case is "SLAVE".
+
+    https://github.com/firecracker-microvm/firecracker/pull/1093
+    """
+    test_microvm = uvm_plain
+
+    # Setup the environment
+    pseudo_root_path = tmp_path / "pseudo_root"
+    pseudo_root_path.mkdir()
+
+    test_microvm.jailer.exec_file = test_microvm.fc_binary_path
+    test_microvm.jailer.extra_args = {"chroot-base-dir": str(pseudo_root_path)}
+
+    # Execute the test scenario
+    test_microvm.spawn()
+
+    # Perform checks and assertions
+    mount_info = subprocess.check_output(["mount"]).decode()
+    assert "shared" in mount_info or "slave" in mount_info, (
+        "Mount propagation type is not SLAVE"
+    )