From 08909b2213a23ab00a442a505f4b1a146e34b41b Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf
Date: Tue, 27 Mar 2018 15:37:38 -0700
Subject: [PATCH 1/2] virtcontainers: Don't ignore container mounts based on their path Instead of ignoring containers based on their path, this commit relies on the type of mount being "bind" to choose if this mount should be ignored or not. For instance, we have some use cases where k8s expects the path "/dev/container-log" to be bind mounted inside the container, but the code ignores it because it has the prefix "/dev" which is a system prefix mount.
Fixes #122
Signed-off-by: Sebastien Boeuf
---
 virtcontainers/container.go | 2 +-
 virtcontainers/mount.go | 12 ------------
 virtcontainers/mount_test.go | 24 ------------------------
 3 files changed, 1 insertion(+), 37 deletions(-)
diff --git a/virtcontainers/container.go b/virtcontainers/container.go
index 47380131b3..fa949fa963 100644
--- a/virtcontainers/container.go
+++ b/virtcontainers/container.go
@@ -300,7 +300,7 @@ func (c *Container) createContainersDirs() error {
 func (c *Container) mountSharedDirMounts(hostSharedDir, guestSharedDir string) ([]Mount, error) {
 var sharedDirMounts []Mount
 for idx, m := range c.mounts {
- if isSystemMount(m.Destination) || m.Type != "bind" {
+ if m.Type != "bind" {
 continue
 }
diff --git a/virtcontainers/mount.go b/virtcontainers/mount.go
index adffa21aab..2502ac1e85 100644
--- a/virtcontainers/mount.go
+++ b/virtcontainers/mount.go
@@ -29,18 +29,6 @@ import (
 var rootfsDir = "rootfs"
-var systemMountPrefixes = []string{"/proc", "/dev", "/sys"}
-
-func isSystemMount(m string) bool {
- for _, p := range systemMountPrefixes {
- if m == p || strings.HasPrefix(m, p+"/") {
- return true
- }
- }
-
- return false
-}
-
 func major(dev uint64) int {
 return int((dev >> 8) & 0xfff)
 }
diff --git a/virtcontainers/mount_test.go b/virtcontainers/mount_test.go
index 337529acf5..89ee65dd1d 100644
--- a/virtcontainers/mount_test.go
+++ b/virtcontainers/mount_test.go
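Review bot: In mountSharedDirMounts (virtcontainers/container.go), filtering on `m.Type != "bind"` alone lets every bind mount destined for `/proc`, `/sys` or `/dev`, or anything beneath them, through to the shared-dir handling, not only the `/dev/container-log` case the commit message describes. The mount list presumably comes from the container configuration, so a spec that bind-mounts a whole host system tree is no longer filtered here; what is then done with such a mount is decided in the part of the loop body outside this hunk. Consider narrowing the filter instead of dropping it, for example keeping `isSystemMount` in mount.go but matching only the exact roots with `if m == p { return true }`. TestIsSystemMount is removed in mount_test.go with no test added for the new condition, so a table test covering `/dev`, `/dev/container-log` and a non-bind mount would pin the intended behaviour.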
@@ -29,30 +29,6 @@ import (
 "testing"
 )
-func TestIsSystemMount(t *testing.T) {
- tests := []struct {
- mnt string
- expected bool
- }{
- {"/sys", true},
- {"/sys/", true},
- {"/sys//", true},
- {"/sys/fs", true},
- {"/sys/fs/", true},
- {"/sys/fs/cgroup", true},
- {"/sysfoo", false},
- {"/home", false},
- {"/dev/block/", true},
- }
-
- for _, test := range tests {
- result := isSystemMount(test.mnt)
- if result != test.expected {
- t.Fatalf("Expected result for path %s : %v, got %v", test.mnt, test.expected, result)
- }
- }
-}
-
 func TestMajorMinorNumber(t *testing.T) {
 devices := []string{"/dev/zero", "/dev/net/tun"}
From 80996b3b4069ef70df87e2dcab5c8e85ecd47c2e Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf
Date: Wed, 28 Mar 2018 08:44:40 -0700
Subject: [PATCH 2/2] virtcontainers: kata_agent: Handle several /dev/shm The kata_agent.go code breaks after the first /dev/shm. But in case several are defined, the agent will crash since other /dev/shm will be wrongly configured in the OCI spec mounts.
Fixes #127
Signed-off-by: Sebastien Boeuf
---
 virtcontainers/kata_agent.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/virtcontainers/kata_agent.go b/virtcontainers/kata_agent.go
index 1350f69f90..f5d950aeee 100644
--- a/virtcontainers/kata_agent.go
+++ b/virtcontainers/kata_agent.go
@@ -570,8 +570,6 @@ func constraintGRPCSpec(grpcSpec *grpc.Spec) {
 grpcSpec.Mounts[idx].Type = "tmpfs"
 grpcSpec.Mounts[idx].Source = "shm"
 grpcSpec.Mounts[idx].Options = []string{"noexec", "nosuid", "nodev", "mode=1777", "size=65536k"}
-
- break
 }
 }
 }