Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix mount error when chmod RO tmpfs #2570

Merged

Conversation

EduardoVega
Copy link
Contributor

@EduardoVega EduardoVega commented Aug 28, 2020

Based on the comments, this will mount the filesystem rw, then chmod, and finally remount it with ro.

Fixes #2246

Signed-off-by: Eduardo Vega edvegavalerio@gmail.com

@EduardoVega EduardoVega force-pushed the 2246-fix-chmod-ro-tmpfs-mount branch from e9412d9 to c8e2cfa Compare August 28, 2020 22:42
AkihiroSuda
AkihiroSuda previously approved these changes Aug 29, 2020
@EduardoVega
Copy link
Contributor Author

@AkihiroSuda I have squashed the commits, they were not initially.

AkihiroSuda
AkihiroSuda previously approved these changes Sep 10, 2020
@AkihiroSuda
Copy link
Member

@kolyshkin PTAL

Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

left some suggestions

Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
@EduardoVega
Copy link
Contributor Author

Thanks. I have completed all requested changes.

Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin
Copy link
Contributor

@AkihiroSuda @mrunalp PTAL

@AkihiroSuda AkihiroSuda merged commit 9d4c02c into opencontainers:master Oct 26, 2020
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 3, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with roset. Follow the same approach for nodev, nosuid, noexec .

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 3, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with roset. Follow the same approach for nodev, nosuid, noexec .

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 4, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with roset. Follow the same approach for nodev, nosuid, noexec .

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 5, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 18, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 24, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 25, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Apr 26, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request May 9, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Jun 2, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Jun 12, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec,
noatime, relatime, strictatime, nodiratime options set fail in rootless
mode if the same options are not set for the bind mount.
For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set.

Follow the same approach for nodev, nosuid, noexec, noatime, relatime,
strictatime, nodiratime but allow to revert back to the old behaviour
via the new `--no-mount-fallback` command line option.

Add a testcase to verify that bind mounts of filesystems with nodev,
nosuid, noexec, noatime options set work in rootless mode.
Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem
with a ro flag.
Add two further testcases that ensure that the above testcases would
fail if the `--no-mount-fallback` command line option is set.

* contrib/completions/bash/runc:
      Add `--no-mount-fallback` command line option for bash completion.

* create.go:
      Add `--no-mount-fallback` command line option.

* restore.go:
      Add `--no-mount-fallback` command line option.

* run.go:
      Add `--no-mount-fallback` command line option.

* libcontainer/configs/config.go:
      Add `NoMountFallback` field to the `Config` struct to store
      the command line option value.

* libcontainer/specconv/spec_linux.go:
      Add `NoMountFallback` field to the `CreateOpts` struct to store
      the command line option value and store it in the libcontainer
      config.

* utils_linux.go:
      Store the command line option value in the `CreateOpts` struct.

* libcontainer/rootfs_linux.go:
      In case that `--no-mount-fallback` is not set try to remount the
      bind filesystem again with the options nodev, nosuid, noexec,
      noatime, relatime, strictatime or nodiratime if they are set on
      the source filesystem.

* tests/integration/mounts_sshfs.bats:
      Add testcases and rework sshfs setup to allow specifying
      different mount options depending on the test case.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf added a commit to rpluem-vf/runc that referenced this pull request Jul 12, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec,
noatime, relatime, strictatime, nodiratime options set fail in rootless
mode if the same options are not set for the bind mount.
For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set.

Follow the same approach for nodev, nosuid, noexec, noatime, relatime,
strictatime, nodiratime but allow to revert back to the old behaviour
via the new `--no-mount-fallback` command line option.

Add a testcase to verify that bind mounts of filesystems with nodev,
nosuid, noexec, noatime options set work in rootless mode.
Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem
with a ro flag.
Add two further testcases that ensure that the above testcases would
fail if the `--no-mount-fallback` command line option is set.

* contrib/completions/bash/runc:
      Add `--no-mount-fallback` command line option for bash completion.

* create.go:
      Add `--no-mount-fallback` command line option.

* restore.go:
      Add `--no-mount-fallback` command line option.

* run.go:
      Add `--no-mount-fallback` command line option.

* libcontainer/configs/config.go:
      Add `NoMountFallback` field to the `Config` struct to store
      the command line option value.

* libcontainer/specconv/spec_linux.go:
      Add `NoMountFallback` field to the `CreateOpts` struct to store
      the command line option value and store it in the libcontainer
      config.

* utils_linux.go:
      Store the command line option value in the `CreateOpts` struct.

* libcontainer/rootfs_linux.go:
      In case that `--no-mount-fallback` is not set try to remount the
      bind filesystem again with the options nodev, nosuid, noexec,
      noatime, relatime, strictatime or nodiratime if they are set on
      the source filesystem.

* tests/integration/mounts_sshfs.bats:
      Add testcases and rework sshfs setup to allow specifying
      different mount options depending on the test case.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
kolyshkin pushed a commit to rpluem-vf/runc that referenced this pull request Jul 28, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec,
noatime, relatime, strictatime, nodiratime options set fail in rootless
mode if the same options are not set for the bind mount.
For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set.

Follow the same approach for nodev, nosuid, noexec, noatime, relatime,
strictatime, nodiratime but allow to revert back to the old behaviour
via the new `--no-mount-fallback` command line option.

Add a testcase to verify that bind mounts of filesystems with nodev,
nosuid, noexec, noatime options set work in rootless mode.
Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem
with a ro flag.
Add two further testcases that ensure that the above testcases would
fail if the `--no-mount-fallback` command line option is set.

* contrib/completions/bash/runc:
      Add `--no-mount-fallback` command line option for bash completion.

* create.go:
      Add `--no-mount-fallback` command line option.

* restore.go:
      Add `--no-mount-fallback` command line option.

* run.go:
      Add `--no-mount-fallback` command line option.

* libcontainer/configs/config.go:
      Add `NoMountFallback` field to the `Config` struct to store
      the command line option value.

* libcontainer/specconv/spec_linux.go:
      Add `NoMountFallback` field to the `CreateOpts` struct to store
      the command line option value and store it in the libcontainer
      config.

* utils_linux.go:
      Store the command line option value in the `CreateOpts` struct.

* libcontainer/rootfs_linux.go:
      In case that `--no-mount-fallback` is not set try to remount the
      bind filesystem again with the options nodev, nosuid, noexec,
      noatime, relatime, strictatime or nodiratime if they are set on
      the source filesystem.

* tests/integration/mounts_sshfs.bats:
      Add testcases and rework sshfs setup to allow specifying
      different mount options depending on the test case.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

chmod on read-only tmpfs
4 participants