Merge pull request #2265 from rapiz1/simple-ro-mount

virtcontainers: simplify read-only mount handling
This commit is contained in:
Jianyong Wu 2021-11-01 10:43:16 +08:00 committed by GitHub
commit e15c8460db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 28 deletions


@ -463,25 +463,21 @@ func (c *Container) shareFiles(ctx context.Context, m Mount, idx int) (string, b
// For RO mounts, bindmount remount event is not propagated to mount subtrees, // For RO mounts, bindmount remount event is not propagated to mount subtrees,
// and it doesn't present in the virtiofsd standalone mount namespace either. // and it doesn't present in the virtiofsd standalone mount namespace either.
// So we end up a bit tricky: // So we end up a bit tricky:
// 1. make a private bind mount to the mount source // 1. make a private ro bind mount to the mount source
// 2. make another ro bind mount on the private mount // 2. duplicate the ro mount we create in step 1 to mountDest, by making a bind mount. No need to remount with MS_RDONLY here.
// 3. move the ro bind mount to mountDest // 3. umount the private bind mount created in step 1
// 4. umount the private bind mount created in step 1
privateDest := filepath.Join(getPrivatePath(c.sandboxID), filename) privateDest := filepath.Join(getPrivatePath(c.sandboxID), filename)
if err := bindMount(c.ctx, m.Source, privateDest, false, "private"); err != nil {
if err := bindMount(c.ctx, m.Source, privateDest, true, "private"); err != nil {
return "", false, err return "", false, err
} }
defer func() { defer func() {
syscall.Unmount(privateDest, syscall.MNT_DETACH|UmountNoFollow) syscall.Unmount(privateDest, syscall.MNT_DETACH|UmountNoFollow)
}() }()
if err := bindMount(c.ctx, privateDest, privateDest, true, "private"); err != nil {
return "", false, err
}
if err := moveMount(c.ctx, privateDest, mountDest); err != nil {
return "", false, err
}
syscall.Unmount(privateDest, syscall.MNT_DETACH|UmountNoFollow) if err := bindMount(c.ctx, privateDest, mountDest, false, "private"); err != nil {
return "", false, err
}
} }
// Save HostPath mount value into the mount list of the container. // Save HostPath mount value into the mount list of the container.
c.mounts[idx].HostPath = mountDest c.mounts[idx].HostPath = mountDest
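Review bot: The rewritten step-2 comment states that mountDest needs no MS_RDONLY remount but not why, and with the explicit ro bind and the moveMount removed, the read-only guarantee for the guest now rests entirely on the kernel copying the per-mountpoint read-only flag when `bindMount(c.ctx, privateDest, mountDest, false, "private")` clones the private mount created with readonly=true. I would make that dependency explicit so a later change to how bindMount applies readonly (it presumably remounts the bind with MS_RDONLY on the mountpoint, but that is outside this hunk) cannot silently leave mountDest writable: `// 2. bind mount the private ro mount onto mountDest. A bind mount clones the` / `//    source mountpoint's flags, including its read-only flag, so no MS_RDONLY` / `//    remount is needed here.` Since a writable mount where a read-only one was requested is a guest-visible policy violation, a unit test (or a cheap post-condition) asserting that mountDest is read-only after this path would pin the behaviour the simplification depends on. shareFiles begins before and continues past this hunk.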


@ -242,22 +242,6 @@ func evalMountPath(source, destination string) (string, string, error) {
return absSource, destination, nil return absSource, destination, nil
} }
// moveMount moves a mountpoint to another path with some bookkeeping:
// * evaluate all symlinks
// * ensure the source exists
// * recursively create the destination
func moveMount(ctx context.Context, source, destination string) error {
span, _ := katatrace.Trace(ctx, nil, "moveMount", mountTracingTags)
defer span.End()
source, destination, err := evalMountPath(source, destination)
if err != nil {
return err
}
return syscall.Mount(source, destination, "move", syscall.MS_MOVE, "")
}
// bindMount bind mounts a source in to a destination. This will // bindMount bind mounts a source in to a destination. This will
// do some bookkeeping: // do some bookkeeping:
// * evaluate all symlinks // * evaluate all symlinks