Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support bind propagation options for --volume #268

Merged
merged 1 commit into from
Jun 25, 2021
Merged

Support bind propagation options for --volume #268

merged 1 commit into from
Jun 25, 2021

Conversation

ktock
Copy link
Member

@ktock ktock commented Jun 25, 2021

Fixes #261

This PR adds the following docker-compatible propagation option to bind mounts:

  • shared: The host and the container share mount events in the bind mount each other.
  • slave: The container receives mount events in the bind mount from the host. But the host doesn't receive events from the container.
  • private: Mount events in the bind mount doesn't propagate each other.
  • rshared: Similar as shared but the propagation type is applied to all mounts under the bind mount.
  • rslave: Similar as slave but the propagation type is applied to all mounts under the bind mount.
  • rprivate (default): Similar as private but the propagation type is applied to all mounts under the bind mount.

For more details about propagation, please see also shared subtree document of linux kernel.

# nerdctl run --rm -it \
          -v /tmp/shared-dir:/shared-dir:shared \
          -v /tmp/slave-dir:/slave-dir:slave \
          -v /tmp/non-shared-dir:/non-shared-dir \
          ubuntu:20.04 /bin/bash
root@01302060790a:/# cat /proc/$$/mountinfo | grep -- "-dir"
2080 1905 0:113 /shared-dir /shared-dir rw,nosuid,nodev,relatime shared:865 - tmpfs tmpfs rw,mode=777
2081 1905 0:113 /slave-dir /slave-dir rw,nosuid,nodev,relatime master:865 - tmpfs tmpfs rw,mode=777
2082 1905 0:113 /non-shared-dir /non-shared-dir rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=777

AkihiroSuda
AkihiroSuda reviewed Jun 25, 2021
View reviewed changes
pkg/mountutil/mountutil.go Outdated
default:
return nil, errors.Errorf("failed to parse %q", s)
}
res.Mount = specs.Mount{
Type: "none",
Type: "bind",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why

Copy link
Member Author

@ktock ktock Jun 25, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because this is how docker does. But TIL runc ignores this for bind mounts.

https://github.com/opencontainers/runc/blob/v1.0.0/libcontainer/specconv/spec_linux.go#L344-L352

	if flags&unix.MS_BIND != 0 {
		// Any "type" the user specified is meaningless (and ignored) for
		// bind-mounts -- so we set it to "bind" because rootfs_linux.go
		// (incorrectly) relies on this for some checks.
		device = "bind"
		if !filepath.IsAbs(source) {
			source = filepath.Join(cwd, m.Source)
		}
	}

Reverted this to "none".

AkihiroSuda
AkihiroSuda reviewed Jun 25, 2021
View reviewed changes
pkg/mountutil/mountutil_linux.go Outdated
// the mountpoint can be a slave of the host mount.
specOpts = append(specOpts, func(ctx context.Context, cli oci.Client, c *containers.Container, s *oci.Spec) error {
rootpg := s.Linux.RootfsPropagation
if rootpg != "shared" && rootpg != "rshared" && rootpg != "slave" && rootpg != "rslave" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use switch{}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed this.

AkihiroSuda
AkihiroSuda approved these changes Jun 25, 2021
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

@ktock
Support bind propagation options for --volume
ebf52bd 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
@AkihiroSuda AkihiroSuda merged commit 2eb0a27 into containerd:master Jun 25, 2021
@AkihiroSuda AkihiroSuda added this to the v0.10.0 milestone Jun 25, 2021
@ktock ktock deleted the mountpropagation branch October 5, 2021 12:56
@AkihiroSuda AkihiroSuda mentioned this pull request Sep 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees
No one assigned
Labels
impact/major
Projects
None yet
Milestone
v0.10.0
Development

Successfully merging this pull request may close these issues.

Support bind propagation options for --volume
2 participants
@ktock @AkihiroSuda