virtcontainers: set private propagation in rootfs

When overlay is used as storage driver, kata runtime creates a new bind mount
point to the merged directory, that way this directory can be shared with the
VM through 9p. By default the mount propagation is shared, which means mount
events are propagated but umount events are not; to deal with this problem and to
avoid leftover mount points on the host once the container finishes, the mount
propagation of bind mounts should be set to private.

Depends-on: github.com/kata-containers/tests#971

fixes #794

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes 2018-12-05 12:25:36 -06:00
parent ca528285cf
commit b029e442b2


@ -248,10 +248,16 @@ func bindMount(ctx context.Context, source, destination string, readonly bool) e
if err := ensureDestinationExists(absSource, destination); err != nil { if err := ensureDestinationExists(absSource, destination); err != nil {
return fmt.Errorf("Could not create destination mount point %v: %v", destination, err) return fmt.Errorf("Could not create destination mount point %v: %v", destination, err)
} else if err := syscall.Mount(absSource, destination, "bind", syscall.MS_BIND, ""); err != nil { }
if err := syscall.Mount(absSource, destination, "bind", syscall.MS_BIND, ""); err != nil {
return fmt.Errorf("Could not bind mount %v to %v: %v", absSource, destination, err) return fmt.Errorf("Could not bind mount %v to %v: %v", absSource, destination, err)
} }
if err := syscall.Mount("none", destination, "", syscall.MS_PRIVATE, ""); err != nil {
return fmt.Errorf("Could not make mount point %v private: %v", destination, err)
}
// For readonly bind mounts, we need to remount with the readonly flag. // For readonly bind mounts, we need to remount with the readonly flag.
// This is needed as only very recent versions of libmount/util-linux support "bind,ro" // This is needed as only very recent versions of libmount/util-linux support "bind,ro"
if readonly { if readonly {