From af95a76bb2175d3cb3c5b62cadfac6e4e0aa5bb1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sun, 12 Feb 2023 00:50:34 +0900 Subject: [PATCH] cri-api: fix comment lines about PROPAGATION_PRIVATE The current CRI implementations treat `PROPAGATION_PRIVATE` as "rprivate", not "private": - https://github.com/containerd/containerd/blob/v1.6.16/pkg/cri/opts/spec_linux.go#L181 - https://github.com/cri-o/cri-o/blob/v1.26.1/server/container_create_linux.go#L982 However, this is not always true for cri-dockerd, which treats `PROPAGATION_PRIVATE` as noop and lets dockerd use its default propagation mode: - https://github.com/Mirantis/cri-dockerd/blob/v0.3.1/libdocker/helpers.go#L235-L236 (The "private is default" comment in L236 is inaccurate) dockerd's default propagation mode is "rprivate" for most cases, but dockerd changes its default propagation mode to "rslave" when the mount source contains the daemon root (`/var/lib/docker`): - https://github.com/moby/moby/blob/v20.10.23/volume/mounts/linux_parser.go#L145 - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes.go#L137-L143 - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes_linux.go#L11-L36 This behavior was introduced in Docker 18.03 (moby/moby PR 36055). Related: - kubernetes/website PR 39385 - Mirantis/cri-dockerd PR 159 Signed-off-by: Akihiro Suda
---
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go | 2 +- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
index 56bc7dbae7f..95cdd5cfa3f 100644
--- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
+++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
@@ -77,7 +77,7 @@ func (Protocol) EnumDescriptor() ([]byte, []int) {
 type MountPropagation int32
 
 const (
- // No mount propagation ("private" in Linux terminology).
+ // No mount propagation ("rprivate" in Linux terminology).
 MountPropagation_PROPAGATION_PRIVATE MountPropagation = 0
 // Mounts get propagated from the host to the container ("rslave" in Linux).
 MountPropagation_PROPAGATION_HOST_TO_CONTAINER MountPropagation = 1
diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
index 3e20c42c609..11d58636369 100644
--- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
+++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
@@ -199,7 +199,7 @@ message PortMapping {
 }
 
 enum MountPropagation {
- // No mount propagation ("private" in Linux terminology).
+ // No mount propagation ("rprivate" in Linux terminology).
 PROPAGATION_PRIVATE = 0;
 // Mounts get propagated from the host to the container ("rslave" in Linux).
 PROPAGATION_HOST_TO_CONTAINER = 1;
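Review bot: The new comment on `PROPAGATION_PRIVATE` in api.proto states "rprivate" as unconditional, while the commit description itself records that cri-dockerd treats the value as a no-op and that dockerd then defaults to "rslave" when the mount source contains the daemon root. Someone reading only the API contract could assume this value always keeps later host mounts out of the container, which the description says is not guaranteed on that runtime. I would word it as the expected behaviour and name the exception, e.g. `// No mount propagation ("rprivate" in Linux terminology). Runtimes that leave` followed by `// the mode to an engine default may apply a different one (e.g. "rslave").` The matching comment in api.pb.go would follow from regenerating; the enum body continues past the end of the hunk.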