diff --git a/src/agent/src/mount.rs b/src/agent/src/mount.rs
index ca4253aea1..b941fe57be 100644
--- a/src/agent/src/mount.rs
+++ b/src/agent/src/mount.rs
@@ -16,6 +16,7 @@ use std::sync::Arc;
 use anyhow::{anyhow, Context, Result};
 use kata_sys_util::mount::get_linux_mount_info;
+use kata_types::mount::{KATA_MOUNT_OPTION_FS_GID, KATA_SHAREDFS_GUEST_PREMOUNT_TAG};
 use nix::mount::MsFlags;
 use nix::unistd::{Gid, Uid};
 use regex::Regex;
@@ -39,10 +40,7 @@ use crate::Sandbox;
 use crate::{ccw, device::get_virtio_blk_ccw_device_name};
 pub const TYPE_ROOTFS: &str = "rootfs";
-pub const MOUNT_GUEST_TAG: &str = "kataShared";
-// Allocating an FSGroup that owns the pod's volumes
-const FS_GID: &str = "fsgid";
 const FS_GID_EQ: &str = "fsgid=";
 const SYS_FS_HUGEPAGES_PREFIX: &str = "/sys/kernel/mm/hugepages";
@@ -233,7 +231,7 @@ async fn ephemeral_storage_handler(
 let opts = parse_options(&storage.options);
 // ephemeral_storage didn't support mount options except fsGroup.
- if let Some(fsgid) = opts.get(FS_GID) {
+ if let Some(fsgid) = opts.get(KATA_MOUNT_OPTION_FS_GID) {
 let gid = fsgid.parse::()?;
 nix::unistd::chown(storage.mount_point.as_str(), None, Some(Gid::from_raw(gid)))?;
@@ -360,7 +358,7 @@ async fn local_storage_handler(
 let opts = parse_options(&storage.options);
 let mut need_set_fsgid = false;
- if let Some(fsgid) = opts.get(FS_GID) {
+ if let Some(fsgid) = opts.get(KATA_MOUNT_OPTION_FS_GID) {
 let gid = fsgid.parse::()?;
 nix::unistd::chown(storage.mount_point.as_str(), None, Some(Gid::from_raw(gid)))?;
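Review bot: In the `@@ -39,10 +40,7 @@` hunk, `FS_GID_EQ` stays a local literal `"fsgid="` while the key it is derived from now lives in `kata_types::mount` as `KATA_MOUNT_OPTION_FS_GID`, so the option name is still spelled in two crates and can drift apart. This string names the option that drives the `chown` of a storage mount point in the `ephemeral_storage_handler` and `local_storage_handler` hunks, so a single definition is worth having. Either move it next to the shared constant, or pin it here with a comment such as `// Must equal KATA_MOUNT_OPTION_FS_GID followed by '='`. Where `FS_GID_EQ` is consumed is outside the hunk, so which option fits better is for the author to judge.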
@@ -638,10 +636,12 @@ fn mount_storage(logger: &Logger, storage: &Storage) -> Result<()> {
 // There's a special mechanism to create mountpoint from a `sharedfs` instance before
 // starting the kata-agent. Check for such cases.
- if storage.source == MOUNT_GUEST_TAG && is_mounted(&storage.mount_point)? {
+ if storage.source == KATA_SHAREDFS_GUEST_PREMOUNT_TAG && is_mounted(&storage.mount_point)? {
 warn!(
 logger,
- "{} already mounted on {}, ignoring...", MOUNT_GUEST_TAG, &storage.mount_point
+ "{} already mounted on {}, ignoring...",
+ KATA_SHAREDFS_GUEST_PREMOUNT_TAG,
+ &storage.mount_point
 );
 return Ok(());
 }
diff --git a/src/libs/kata-types/src/mount.rs b/src/libs/kata-types/src/mount.rs
index 1c0e69d3ec..473e7d5c08 100644
--- a/src/libs/kata-types/src/mount.rs
+++ b/src/libs/kata-types/src/mount.rs
@@ -14,6 +14,9 @@ pub const KATA_VOLUME_TYPE_PREFIX: &str = "kata:";
 /// The Mount should be ignored by the host and handled by the guest.
 pub const KATA_GUEST_MOUNT_PREFIX: &str = "kata:guest-mount:";
+/// The sharedfs volume is mounted by guest OS before starting the kata-agent.
+pub const KATA_SHAREDFS_GUEST_PREMOUNT_TAG: &str = "kataShared";
+
 /// KATA_EPHEMERAL_DEV_TYPE creates a tmpfs backed volume for sharing files between containers.
 pub const KATA_EPHEMERAL_VOLUME_TYPE: &str = "ephemeral";
@@ -23,6 +26,9 @@ pub const KATA_HOST_DIR_VOLUME_TYPE: &str = "kata:hostdir";
 /// KATA_MOUNT_INFO_FILE_NAME is used for the file that holds direct-volume mount info
 pub const KATA_MOUNT_INFO_FILE_NAME: &str = "mountInfo.json";
+/// Specify `fsgid` for a volume or mount, `fsgid=1`.
+pub const KATA_MOUNT_OPTION_FS_GID: &str = "fsgid";
+
 /// KATA_DIRECT_VOLUME_ROOT_PATH is the root path used for concatenating with the direct-volume mount info file path
 pub const KATA_DIRECT_VOLUME_ROOT_PATH: &str = "/run/kata-containers/shared/direct-volumes";
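Review bot: The early return in `mount_storage` is taken when the request's `source` equals `KATA_SHAREDFS_GUEST_PREMOUNT_TAG` and `is_mounted(&storage.mount_point)?` is true, and nothing visible here ties the existing mount to the sharedfs instance itself. `is_mounted` is defined outside the hunk, so this is inferred, but if it only reports that the path is a mount point, any already-mounted `mount_point` paired with that source is accepted and only logged at `warn!`. Consider checking what is mounted there before returning (the file already imports `get_linux_mount_info`, which may provide what is needed), or at least record the limitation above the `if`: `// Only checks that mount_point is mounted, not what is mounted there.` The body of `mount_storage` continues past the hunk.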
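Review bot: The doc comment on `KATA_SHAREDFS_GUEST_PREMOUNT_TAG` says when the volume is mounted but not what the constant is or how the agent uses it. Something like `/// Storage source tag of the sharedfs volume that the guest OS may mount before kata-agent starts; the agent skips mounting it again when the mount point is already mounted.` would match the `mount_storage` hunk. The same applies to `KATA_MOUNT_OPTION_FS_GID` in the `@@ -23,6 +26,9 @@` hunk, where `/// Mount option key whose value is the numeric group ID the agent applies to the mount point via chown, e.g. fsgid=1000.` is clearer than the current wording. It also tells a caller that the value ends up as an ownership change inside the guest.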