From 05e51539a95f739c8963ab5184b8bda540e34e36 Mon Sep 17 00:00:00 2001 From: kh Date: Tue, 15 Jun 2021 16:01:40 +0800 Subject: [PATCH] command line flags of setting container rootfs propagation Signed-off-by: Kitt Hsu --- cmd/ctr/commands/commands_unix.go | 3 +++ cmd/ctr/commands/run/run_unix.go | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/cmd/ctr/commands/commands_unix.go b/cmd/ctr/commands/commands_unix.go index 38ee594f0..a43516909 100644 --- a/cmd/ctr/commands/commands_unix.go +++ b/cmd/ctr/commands/commands_unix.go @@ -36,5 +36,8 @@ func init() { }, cli.Uint64Flag{ Name: "cpu-period", Usage: "Limit CPU CFS period", + }, cli.StringFlag{ + Name: "rootfs-propagation", + Usage: "set the propagation of the container rootfs", }) } diff --git a/cmd/ctr/commands/run/run_unix.go b/cmd/ctr/commands/run/run_unix.go index cb5abd876..8ecfdd7a9 100644 --- a/cmd/ctr/commands/run/run_unix.go +++ b/cmd/ctr/commands/run/run_unix.go @@ -27,6 +27,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/cmd/ctr/commands" + "github.com/containerd/containerd/containers" "github.com/containerd/containerd/contrib/apparmor" "github.com/containerd/containerd/contrib/nvidia" "github.com/containerd/containerd/contrib/seccomp" @@ -266,6 +267,21 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli for _, dev := range context.StringSlice("device") { opts = append(opts, oci.WithDevices(dev, "", "rwm")) } + + rootfsPropagation := context.String("rootfs-propagation") + if rootfsPropagation != "" { + opts = append(opts, func(_ gocontext.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { + if s.Linux != nil { + s.Linux.RootfsPropagation = rootfsPropagation + } else { + s.Linux = &specs.Linux{ + RootfsPropagation: rootfsPropagation, + } + } + + return nil + }) + } } runtimeOpts, err := getRuntimeOptions(context)