Support bind propagation options for --volume #268

Merged
merged 1 commit into from
Jun 25, 2021

@ktock ktock commented Jun 25, 2021

Fixes #261

This PR adds the following docker-compatible propagation options to bind mounts:

  • shared: The host and the container share mount events in the bind mount with each other.
  • slave: The container receives mount events in the bind mount from the host. But the host doesn't receive events from the container.
  • private: Mount events in the bind mount don't propagate to each other.
  • rshared: Similar to shared but the propagation type is applied to all mounts under the bind mount.
  • rslave: Similar to slave but the propagation type is applied to all mounts under the bind mount.
  • rprivate (default): Similar to private but the propagation type is applied to all mounts under the bind mount.

For more details about propagation, please also see the shared subtree document of the Linux kernel.

# nerdctl run --rm -it \
          -v /tmp/shared-dir:/shared-dir:shared \
          -v /tmp/slave-dir:/slave-dir:slave \
          -v /tmp/non-shared-dir:/non-shared-dir \
          ubuntu:20.04 /bin/bash
root@01302060790a:/# cat /proc/$$/mountinfo | grep -- "-dir"
2080 1905 0:113 /shared-dir /shared-dir rw,nosuid,nodev,relatime shared:865 - tmpfs tmpfs rw,mode=777
2081 1905 0:113 /slave-dir /slave-dir rw,nosuid,nodev,relatime master:865 - tmpfs tmpfs rw,mode=777
2082 1905 0:113 /non-shared-dir /non-shared-dir rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=777
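
The `shared:865` and `master:865` tags in the output above are the optional fields of `/proc/<pid>/mountinfo`, and they are what an audit of a container's mounts would read to find bind mounts whose mount events can reach the host. The following is an added example, not code from this PR or from nerdctl; the names `Propagation` and `sample` are hypothetical, and the sample lines are copied from the description above.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the three mountinfo lines shown in the PR description.
var sample = []string{
	"2080 1905 0:113 /shared-dir /shared-dir rw,nosuid,nodev,relatime shared:865 - tmpfs tmpfs rw,mode=777",
	"2081 1905 0:113 /slave-dir /slave-dir rw,nosuid,nodev,relatime master:865 - tmpfs tmpfs rw,mode=777",
	"2082 1905 0:113 /non-shared-dir /non-shared-dir rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=777",
}

// Propagation returns the mount point and the propagation mode encoded in the
// optional fields of one mountinfo line (hypothetical helper, not nerdctl API).
func Propagation(line string) (string, string, error) {
	f := strings.Fields(line)
	// Six fixed fields come first; the optional fields end at a lone "-".
	sep := -1
	for i := 6; i < len(f); i++ {
		if f[i] == "-" {
			sep = i
			break
		}
	}
	if sep < 0 {
		return "", "", fmt.Errorf("malformed mountinfo line: %q", line)
	}
	shared, slave := false, false
	for _, opt := range f[6:sep] {
		shared = shared || strings.HasPrefix(opt, "shared:")
		slave = slave || strings.HasPrefix(opt, "master:")
	}
	mode := "private" // no peer group and no master: events stay local
	switch {
	case shared && slave:
		mode = "shared+slave" // slave of one group, peer in another
	case shared:
		mode = "shared" // mounts made in the container reach the peer group
	case slave:
		mode = "slave" // receives events from the master, sends none back
	}
	return f[4], mode, nil
}

func main() {
	for _, l := range sample {
		mp, mode, err := Propagation(l)
		fmt.Println(mp, mode, err)
	}
}
```

mountinfo records the propagation state per mount, so the recursive variants (rshared, rslave, rprivate) show up as the same tag on each mount under the bind mount rather than as a distinct value.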

default:
return nil, errors.Errorf("failed to parse %q", s)
}
res.Mount = specs.Mount{
Type: "none",
Type: "bind",
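
Review bot: In the `res.Mount` literal the `Type` value moves between "none" and "bind" with no comment saying which value is intended or why; add a one-line comment above `Type:` giving the reason for the chosen value so a later change does not flip it back. Separately, the `default:` branch only reports `failed to parse %q` for `s`; naming the option that was not recognized would make a mistyped propagation value easier to spot.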
Member

Why

Member Author

@ktock ktock Jun 25, 2021

Because this is how docker does it. But TIL runc ignores this for bind mounts.

https://github.com/opencontainers/runc/blob/v1.0.0/libcontainer/specconv/spec_linux.go#L344-L352

	if flags&unix.MS_BIND != 0 {
		// Any "type" the user specified is meaningless (and ignored) for
		// bind-mounts -- so we set it to "bind" because rootfs_linux.go
		// (incorrectly) relies on this for some checks.
		device = "bind"
		if !filepath.IsAbs(source) {
			source = filepath.Join(cwd, m.Source)
		}
	}

Reverted this to "none".

// the mountpoint can be a slave of the host mount.
specOpts = append(specOpts, func(ctx context.Context, cli oci.Client, c *containers.Container, s *oci.Spec) error {
rootpg := s.Linux.RootfsPropagation
if rootpg != "shared" && rootpg != "rshared" && rootpg != "slave" && rootpg != "rslave" {
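
Review bot: `rootpg := s.Linux.RootfsPropagation` reads through `s.Linux` without checking it for nil, and this option runs on whatever spec the earlier options produced; guard with `if s.Linux == nil` (return an error or initialize it) before reading the field, so a spec without a Linux section fails cleanly instead of panicking.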
Member

Use switch{}

Member Author

Fixed this.

Member

@AkihiroSuda AkihiroSuda left a comment

thanks
