Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/dev/shm should be mounted even in rootless mode. #1777

Merged
merged 1 commit into from
Nov 30, 2018
Merged

/dev/shm should be mounted even in rootless mode. #1777

merged 1 commit into from
Nov 30, 2018

Conversation

rhatdan
Copy link
Member

@rhatdan rhatdan commented Nov 8, 2018

Currently we are mounting /dev/shm from disk, it should be from a tmpfs.
User Namespace supports tmpfs mounts for nonroot users, so this section of
code should work fine in bother root and rootless mode.

Signed-off-by: Daniel J Walsh [email protected]

@rhatdan
Copy link
Member Author

rhatdan commented Nov 8, 2018

@giuseppe PTAL

@rhatdan
Copy link
Member Author

rhatdan commented Nov 8, 2018

FIxes #1770

@rhatdan
Copy link
Member Author

rhatdan commented Nov 8, 2018

@mheon @baude @umohnani8 @vrothberg PTAL

@giuseppe
Copy link
Member

giuseppe commented Nov 8, 2018

LGTM

TomSweeneyRedHat
TomSweeneyRedHat reviewed Nov 8, 2018
View reviewed changes
libpod/container_internal.go Outdated
if err != nil {
return "", errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir)
}
// TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we or should we have an issue for that? If so could you note it here please?

@TomSweeneyRedHat
Copy link
Member

LGTM, but test look like they're sputtering.

@rhatdan
Copy link
Member Author

rhatdan commented Nov 14, 2018

@giuseppe Any idea why this keeps blowing up?

@giuseppe
Copy link
Member

@giuseppe Any idea why this keeps blowing up?

I think it was something wrong on the CI. I've tested the change locally and it worked for me. Let's see if it works now after the rebase

giuseppe
giuseppe reviewed Nov 16, 2018
View reviewed changes
test/e2e/rootless_test.go Outdated
Skip("User namespaces not supported.")
}
env := os.Environ()
cmd := podmanTest.PodmanAsUser([]string{"run", "--shm-size=40m", ALPINE, "grep", "shm", "/proc/self/mountinfo"}, 1000, 0, env)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this won't be enough to setup the rootless environment. What we are doing now, through runRootlessHelper, since we have no user configured is to setup the environment and use a single mapping inside of the container that runs with --rootfs.

Could you add the new test to runRootlessHelper? Otherwise feel free to skip it for now and I can take a look at it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will try one more time.

@giuseppe giuseppe mentioned this pull request Nov 20, 2018
Closed
@rhatdan
Copy link
Member Author

rhatdan commented Nov 28, 2018

bot, retest this please

@rhatdan
/dev/shm should be mounted even in rootless mode.
a5be3ff 
Currently we are mounting /dev/shm from disk, it should be from a tmpfs.
User Namespace supports tmpfs mounts for nonroot users, so this section of
code should work fine in bother root and rootless mode.

Signed-off-by: Daniel J Walsh <[email protected]>
@rhatdan
Copy link
Member Author

rhatdan commented Nov 29, 2018

@giuseppe @baude @mheon @vrothberg @umohnani8 PTAL

I could not get the tests to pass, so lets get this in, and can @giuseppe open a PR to add tests.

@giuseppe
Copy link
Member

LGTM

@mheon
Copy link
Member

mheon commented Nov 30, 2018

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 30, 2018
@rhatdan
Copy link
Member Author

rhatdan commented Nov 30, 2018

/approve

@openshift-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 30, 2018
@openshift-merge-robot openshift-merge-robot merged commit 36364b1 into containers:master Nov 30, 2018
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 27, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

@giuseppe giuseppe giuseppe left review comments

@baude baude Awaiting requested review from baude

@mheon mheon Awaiting requested review from mheon

Assignees

@mheon mheon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@rhatdan @giuseppe @TomSweeneyRedHat @mheon @openshift-ci-robot @openshift-merge-robot