github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-25 11:31:44 +00:00
Code Issues Projects Releases Wiki Activity

Revert "fix mount options after remount"

Browse Source 
This reverts commit a813376093.
This commit is contained in:
Jan Safranek 2024-10-07 10:00:20 +02:00
parent a953e42506
commit 7306cc1764
2 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
staging/src/k8s.io/mount-utils/mount_linux.go
View File

@ -35,6 +35,7 @@ import (
"github.com/moby/sys/mountinfo" "github.com/moby/sys/mountinfo"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns"
"k8s.io/klog/v2" "k8s.io/klog/v2"
utilexec "k8s.io/utils/exec" utilexec "k8s.io/utils/exec"
) )
@ -113,7 +114,7 @@ func (mounter *Mounter) hasSystemd() bool {
// Map unix.Statfs mount flags ro, nodev, noexec, nosuid, noatime, relatime, // Map unix.Statfs mount flags ro, nodev, noexec, nosuid, noatime, relatime,
// nodiratime to mount option flag strings. // nodiratime to mount option flag strings.
func getBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_t) (err error)) ([]string, error) { func getUserNSBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_t) (err error)) ([]string, error) {
var s unix.Statfs_t var s unix.Statfs_t
var mountOpts []string var mountOpts []string
if err := statfs(path, &s); err != nil { if err := statfs(path, &s); err != nil {
@ -136,23 +137,32 @@ func getBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_
return mountOpts, nil return mountOpts, nil
} }
// Performs a bind mount with the specified options, and then remounts // Do a bind mount including the needed remount for applying the bind opts.
// the mount point with the same `nodev`, `nosuid`, `noexec`, `nosuid`, `noatime`, // If the remount fails and we are running in a user namespace
// `relatime`, `nodiratime` options as the original mount point. // figure out if the source filesystem has the ro, nodev, noexec, nosuid,
// noatime, relatime or nodiratime flag set and try another remount with the found flags.
func (mounter *Mounter) bindMountSensitive(mounterPath string, mountCmd string, source string, target string, fstype string, bindOpts []string, bindRemountOpts []string, bindRemountOptsSensitive []string, mountFlags []string, systemdMountRequired bool) error { func (mounter *Mounter) bindMountSensitive(mounterPath string, mountCmd string, source string, target string, fstype string, bindOpts []string, bindRemountOpts []string, bindRemountOptsSensitive []string, mountFlags []string, systemdMountRequired bool) error {
err := mounter.doMount(mounterPath, mountCmd, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired) err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
if err != nil { if err != nil {
return err return err
} }
// Check if the source has ro, nodev, noexec, nosuid, noatime, relatime, err = mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
// nodiratime flag... if libcontaineruserns.RunningInUserNS() {
fixMountOpts, err := getBindMountOptions(source, unix.Statfs) if err == nil {
if err != nil { return nil
return &os.PathError{Op: "statfs", Path: source, Err: err} }
// Check if the source has ro, nodev, noexec, nosuid, noatime, relatime,
// nodiratime flag...
fixMountOpts, err := getUserNSBindMountOptions(source, unix.Statfs)
if err != nil {
return &os.PathError{Op: "statfs", Path: source, Err: err}
}
// ... and retry the mount with flags found above.
bindRemountOpts = append(bindRemountOpts, fixMountOpts...)
return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
} else {
return err
} }
// ... and retry the mount with flags found above.
bindRemountOpts = append(bindRemountOpts, fixMountOpts...)
return mounter.doMount(mounterPath, mountCmd, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
} }
// Mount mounts source to target as fstype with given options. 'source' and 'fstype' must // Mount mounts source to target as fstype with given options. 'source' and 'fstype' must

8
staging/src/k8s.io/mount-utils/mount_linux_test.go
View File

@ -821,7 +821,7 @@ func mkStatfsFlags[T1 constraints.Integer, T2 constraints.Integer](orig T1, add
return orig | T1(add) return orig | T1(add)
} }
func TestGetBindMountOptions(t *testing.T) { func TestGetUserNSBindMountOptions(t *testing.T) {
var testCases = map[string]struct { var testCases = map[string]struct {
flags int32 // smallest size used by any platform we care about flags int32 // smallest size used by any platform we care about
mountoptions string mountoptions string
@ -843,9 +843,9 @@ func TestGetBindMountOptions(t *testing.T) {
return nil return nil
} }
testGetBindMountOptionsSingleCase := func(t *testing.T) { testGetUserNSBindMountOptionsSingleCase := func(t *testing.T) {
path := strings.Split(t.Name(), "/")[1] path := strings.Split(t.Name(), "/")[1]
options, _ := getBindMountOptions(path, statfsMock) options, _ := getUserNSBindMountOptions(path, statfsMock)
sort.Strings(options) sort.Strings(options)
optionString := strings.Join(options, ",") optionString := strings.Join(options, ",")
mountOptions := testCases[path].mountoptions mountOptions := testCases[path].mountoptions
@ -855,7 +855,7 @@ func TestGetBindMountOptions(t *testing.T) {
} }
for k := range testCases { for k := range testCases {
t.Run(k, testGetBindMountOptionsSingleCase) t.Run(k, testGetUserNSBindMountOptionsSingleCase)
} }
} }