config: Document 'rbind' and 'bind' mount options extensions

[wking]

My last attempt to get (recursive) bind mounts documented was in #530, which was rejected based on “MS_REC makes no sense what-so-ever outside of a bind mount”. That doesn't make sense to me, with mount(8) exposing MS_REC | MS_SHARED as --make-rshared, MS_REC | MS_SLAVE as --make-rslave, etc., but here's a reroll that uses rbind and bind instead, with a goal of specifying the (recursive) bind syntax so runtime-tools can rely on that instead of blindly assuming runtimes support an unspecified bind syntax.

[mrunalp]

I think we should link to the kernel documents instead.

[dqminh]

I dont think there's a kernel doc for this. Since we are converting the list of known strings values (i.e. rbind,noatime,slave etc to a list of mount flags), maybe having a table of required mappings to refer to here is useful.

For example taken from https://github.com/opencontainers/runc/blob/653207bc29a6d2d62b5d4f55b596467cb715a128/libcontainer/specconv/spec_linux.go#L630

flags	syscall
bind	syscall.MS_BIND
rbind	syscall.MS_BIND | syscall.MS_REC

[wking]

On Wed, Apr 26, 2017 at 08:28:36AM -0700, Daniel, Dao Quang Minh wrote: rbind | syscall.MS_BIND | syscall.MS_REC

Now that we're becoming very clear about the mapping between ‘options’ and MS_* constants, do maintainers want to revisit a separate string for MS_REC (like the ‘recursive’ I floated in #530)? Or are we forging ahead with r* options for common MS_REC & MS_* pairings? We could just link to mount(2) or [1] to define the MS_* values instead of including a table. ‘rlimit’ would no longer be supported, which has a backwards-compat cost, but we'd be able to get out of the business of defining a wrapper around the kernel API (and based on #780 that's a business we want to get out of). [1]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/include/uapi/linux/fs.h?id=refs/tags/v4.10.12#n104

[crosbymichael]

@wking NO

When I said rec makes no sense outside of binds, that was because you used binds in your examples and I try to simplify things for you because you take everything so literally.

rec is never used by itself and the format and options are spec'd based on fstab style that are common between /etc/fstab and mount(8).

I like @dqminh suggestion on the table if you feel like you must write more docs on this. Just follow the list that is already in the code and don't make up anything, document as is.

[wking]

I like @dqminh suggestion on the table…

That's pretty much what I have now, with the list here. It currently only covers bind and rbind. Do I need to convert that list to a table? Do I need to fill it out with the other entries from runC?

I expect we do need to fill it out somewhat, but don't think that has to happen in this PR. This PR can establish the pattern (table or list, wording pattern for each entry, etc.) and then once we get something landed I'll file a followup adding the other entries that aren't covered by the mount(8) references.

[crosbymichael]

I'm not a fan of the current PR contents and would rather not specify rbind and bind without the others. They should be no different than any of the others.

[wking]

I'm not a fan of the current PR contents…

Is there anything other than which values are explicitly listed in the spec you would like to see changed?

… and would rather not specify rbind and bind without the others. They should be no different than any of the others.

Of the options listed in runC's flags, bind and rbind are the only ones not covered by mount(8) filesystem-independent options (source here). RunC differs from the mount page in defining defaults as a no-op, while the man page defines it as rw (clear MS_RDONLY), suid (clear MS_NOSUID), dev (clear MS_NODEV), exec (clear MS_NOEXEC), auto (clear MS_NOAUTO), nouser (clear MS_USER), and async (clear MS_SYNCHRONOUS). The man page also defines silent and loud (set and clear MS_SILENT), which are not supported in runC (at least as of 1.0.0-rc3). The other filesystem-independent options from the man page look like they're backed by data and not mountflags in the mount(2) call.

So if this PR lands as it stands in bd28d9b, I expect runC will need to fix default and add silent and loud. If we want runC to be compliant as it stands, we'll have to drop the filesystem-independent mount(8) reference and inline a list with all of the MS_*-backed entries and then say something like “any unrecognized options are passed to mount(2) as data”. Or is there a third approach I'm missing that still allows compliance testing? And which approach sounds best to you?

[wking]

Rerolled in bd28d9b → 4b1b93f to target mount(2) and replace the list with a table as discussed in yesterday's meeting. Since I was clarifying the mountflags and data values, I went ahead and clearly tied the other properties to mount(2) as well. This should be a no-op as far as spec-consumers are concerned unless they were using the unspecified bind type without putting (r)bind in options.

There are still a number of differences vs. runC where runC diverges from mount(8)'s filesystem-independent options:

• The effect of defaults, as described earlier. We could follow runC and make defaults a no-op, but I don't see a point to that (who would put defaults in their options knowing it is a no-op?).
• Missing support: silent, loud (as described earlier), (no)iversion, (no)lazytime. And the mount(8) filesystem-specific options which are represented by MS_* flags: (no)acl. And the mount(8) double-dash options which are represented by MS_* flags: move. We could follow runC and not define options for the missing MS_* settings, but that just breaks consumers who try to use them (since runtimes would have to pass lazytime, etc. through in data instead of setting MS_LAZYTIME).

I'm happy to submit patches to runC to correct those issues. But if runC patches are not acceptable and maintainers won't accept this PR unless I strictly match the current runC implementation, please say so again (ideally with some sort of motivation) and I'll spin them off into follow-up PRs.

More details in the commit message for those who are interested.

[wking]

I've filed opencontainers/runc#1460, opencontainers/runc#1461, opencontainers/runc#1462, and opencontainers/runc#1463 addressing the missing options from mount(8).

I have not filed a runC PR for MS_MOVE yet, because the current spec does not claim support for it. We'll see how the missing-option PRs play out, and I may file a MS_MOVE PR if they go over well.

[wking]

Can we re-open this now that opencontainers/runc#1460 has landed?