github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 15:58:37 +00:00
Code Issues Projects Releases Wiki Activity

fix mount options after remount

Browse Source 
Signed-off-by: yaroslavborbat <yaroslav.752@gmail.com>
This commit is contained in:
yaroslavborbat 2024-08-08 19:32:27 +03:00
parent d99d3f7eb7
commit a813376093
2 changed files with 17 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
staging/src/k8s.io/mount-utils/mount_linux.go
View File

@ -35,7 +35,6 @@ import (
"github.com/moby/sys/mountinfo" "github.com/moby/sys/mountinfo"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns"
"k8s.io/klog/v2" "k8s.io/klog/v2"
utilexec "k8s.io/utils/exec" utilexec "k8s.io/utils/exec"
) )
@ -114,7 +113,7 @@ func (mounter *Mounter) hasSystemd() bool {
// Map unix.Statfs mount flags ro, nodev, noexec, nosuid, noatime, relatime, // Map unix.Statfs mount flags ro, nodev, noexec, nosuid, noatime, relatime,
// nodiratime to mount option flag strings. // nodiratime to mount option flag strings.
func getUserNSBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_t) (err error)) ([]string, error) { func getBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_t) (err error)) ([]string, error) {
var s unix.Statfs_t var s unix.Statfs_t
var mountOpts []string var mountOpts []string
if err := statfs(path, &s); err != nil { if err := statfs(path, &s); err != nil {
@ -137,32 +136,23 @@ func getUserNSBindMountOptions(path string, statfs func(path string, buf *unix.S
return mountOpts, nil return mountOpts, nil
} }
// Do a bind mount including the needed remount for applying the bind opts. // Performs a bind mount with the specified options, and then remounts
// If the remount fails and we are running in a user namespace // the mount point with the same `nodev`, `nosuid`, `noexec`, `nosuid`, `noatime`,
// figure out if the source filesystem has the ro, nodev, noexec, nosuid, // `relatime`, `nodiratime` options as the original mount point.
// noatime, relatime or nodiratime flag set and try another remount with the found flags.
func (mounter *Mounter) bindMountSensitive(mounterPath string, mountCmd string, source string, target string, fstype string, bindOpts []string, bindRemountOpts []string, bindRemountOptsSensitive []string, mountFlags []string, systemdMountRequired bool) error { func (mounter *Mounter) bindMountSensitive(mounterPath string, mountCmd string, source string, target string, fstype string, bindOpts []string, bindRemountOpts []string, bindRemountOptsSensitive []string, mountFlags []string, systemdMountRequired bool) error {
err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired) err := mounter.doMount(mounterPath, mountCmd, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
if err != nil { if err != nil {
return err return err
} }
err = mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired) // Check if the source has ro, nodev, noexec, nosuid, noatime, relatime,
if libcontaineruserns.RunningInUserNS() { // nodiratime flag...
if err == nil { fixMountOpts, err := getBindMountOptions(source, unix.Statfs)
return nil if err != nil {
} return &os.PathError{Op: "statfs", Path: source, Err: err}
// Check if the source has ro, nodev, noexec, nosuid, noatime, relatime,
// nodiratime flag...
fixMountOpts, err := getUserNSBindMountOptions(source, unix.Statfs)
if err != nil {
return &os.PathError{Op: "statfs", Path: source, Err: err}
}
// ... and retry the mount with flags found above.
bindRemountOpts = append(bindRemountOpts, fixMountOpts...)
return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
} else {
return err
} }
// ... and retry the mount with flags found above.
bindRemountOpts = append(bindRemountOpts, fixMountOpts...)
return mounter.doMount(mounterPath, mountCmd, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, systemdMountRequired)
} }
// Mount mounts source to target as fstype with given options. 'source' and 'fstype' must // Mount mounts source to target as fstype with given options. 'source' and 'fstype' must

8
staging/src/k8s.io/mount-utils/mount_linux_test.go
View File

@ -821,7 +821,7 @@ func mkStatfsFlags[T1 constraints.Integer, T2 constraints.Integer](orig T1, add
return orig | T1(add) return orig | T1(add)
} }
func TestGetUserNSBindMountOptions(t *testing.T) { func TestGetBindMountOptions(t *testing.T) {
var testCases = map[string]struct { var testCases = map[string]struct {
flags int32 // smallest size used by any platform we care about flags int32 // smallest size used by any platform we care about
mountoptions string mountoptions string
@ -843,9 +843,9 @@ func TestGetUserNSBindMountOptions(t *testing.T) {
return nil return nil
} }
testGetUserNSBindMountOptionsSingleCase := func(t *testing.T) { testGetBindMountOptionsSingleCase := func(t *testing.T) {
path := strings.Split(t.Name(), "/")[1] path := strings.Split(t.Name(), "/")[1]
options, _ := getUserNSBindMountOptions(path, statfsMock) options, _ := getBindMountOptions(path, statfsMock)
sort.Strings(options) sort.Strings(options)
optionString := strings.Join(options, ",") optionString := strings.Join(options, ",")
mountOptions := testCases[path].mountoptions mountOptions := testCases[path].mountoptions
@ -855,7 +855,7 @@ func TestGetUserNSBindMountOptions(t *testing.T) {
} }
for k := range testCases { for k := range testCases {
t.Run(k, testGetUserNSBindMountOptionsSingleCase) t.Run(k, testGetBindMountOptionsSingleCase)
} }
} }