Comment 11 for bug 2064144

If I understand correctly, a proper replacement for

 mount options=(rw,make-unbindable) -> **,

is

 mount options=(rw,make-unbindable) -> /{,**},

It turned out that replacing it with:

 mount options=(rw,make-unbindable) -> /**,

does not work properly and restricts anything on /

(see also https://github.com/lxc/lxc/pull/4456 )