mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-21 10:09:07 +00:00
Rework how /var is mounted
Instead of mounting a new filesystem, revert to doing a `rw` bind. However do not make `/` `rshared`, just `/var` as that is where we expect filesystems to be mounted for persistence. Also only make the actual container rootfs writeable, not the whole directory. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
parent
ce70127028
commit
9ee52aa966
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 console=tty0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=tty0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
2
moby.yml
2
moby.yml
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 console=tty0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -8,6 +8,7 @@ then
|
||||
do
|
||||
base="$(basename $f)"
|
||||
/bin/mount --bind "$f/rootfs" "$f/rootfs"
|
||||
mount -o remount,rw "$f/rootfs"
|
||||
/usr/bin/runc run --bundle "$f" "$(basename $f)"
|
||||
printf " - $base\n"
|
||||
done
|
||||
@ -22,6 +23,7 @@ then
|
||||
do
|
||||
base="$(basename $f)"
|
||||
/bin/mount --bind "$f/rootfs" "$f/rootfs"
|
||||
mount -o remount,rw "$f/rootfs"
|
||||
log="/var/log/$base.log"
|
||||
/sbin/start-stop-daemon --start --pidfile /run/$base.pid --exec /usr/bin/runc -- run --bundle "$f" --pid-file /run/$base.pid "$(basename $f)" </dev/null 2>$log >$log &
|
||||
printf " - $base\n"
|
||||
|
||||
@ -107,17 +107,10 @@ mkdir /tmp/etc
|
||||
mv /etc/resolv.conf /tmp/etc/resolv.conf
|
||||
ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
|
||||
|
||||
# mount rootfs as rshared
|
||||
mount --make-rshared /
|
||||
|
||||
# remount rootfs as readonly
|
||||
mount -o remount,ro /
|
||||
|
||||
# bind and remount containers as read-write but private
|
||||
mount -o bind /containers /containers
|
||||
mount -o remount,rw,relatime /containers /containers
|
||||
mount --make-private /containers
|
||||
|
||||
# make /var its own tmpfs mount point
|
||||
mount -n -t tmpfs var /var -o nodev,nosuid,noexec,relatime,size=10%,mode=755
|
||||
# make /var writeable and shared
|
||||
mount -o bind /var /var
|
||||
mount -o remount,rw,nodev,nosuid,noexec,relatime /var /var
|
||||
mount --make-rshared /var
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 console=tty0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel-landlock:4.9.x"
|
||||
cmdline: "console=ttyS0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -2,7 +2,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
@ -6,7 +6,7 @@ kernel:
|
||||
image: "mobylinux/kernel:4.9.x"
|
||||
cmdline: "console=ttyS0 page_poison=1"
|
||||
init:
|
||||
- mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
|
||||
- mobylinux/init:671bdce1ed0803daeb35e83e4bcd576bb449ea35
|
||||
- mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
|
||||
- mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
|
||||
- mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
|
||||
|
||||
Loading…
Reference in New Issue
Block a user