Merge pull request #5611 from cloudtogo/rootfs-propagation

ctr flags of container rootfs propagation
2021-06-17 11:30:14 +08:00 · 2021-06-17 11:30:14 +08:00 · 11304a4ac8
commit 11304a4ac8
parent 1dada3fc2a 05e51539a9
2 changed files with 19 additions and 0 deletions
--- a/cmd/ctr/commands/commands_unix.go
+++ b/cmd/ctr/commands/commands_unix.go
@ -36,5 +36,8 @@ func init() {
 	}, cli.Uint64Flag{
 		Name:  "cpu-period",
 		Usage: "Limit CPU CFS period",
+	}, cli.StringFlag{
+		Name:  "rootfs-propagation",
+		Usage: "set the propagation of the container rootfs",
 	})
 }
--- a/cmd/ctr/commands/run/run_unix.go
+++ b/cmd/ctr/commands/run/run_unix.go
@ -27,6 +27,7 @@ import (

 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cmd/ctr/commands"
+	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/contrib/apparmor"
 	"github.com/containerd/containerd/contrib/nvidia"
 	"github.com/containerd/containerd/contrib/seccomp"
@ -266,6 +267,21 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 		for _, dev := range context.StringSlice("device") {
 			opts = append(opts, oci.WithDevices(dev, "", "rwm"))
 		}
+
+		rootfsPropagation := context.String("rootfs-propagation")
+		if rootfsPropagation != "" {
+			opts = append(opts, func(_ gocontext.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+				if s.Linux != nil {
+					s.Linux.RootfsPropagation = rootfsPropagation
+				} else {
+					s.Linux = &specs.Linux{
+						RootfsPropagation: rootfsPropagation,
+					}
+				}
+
+				return nil
+			})
+		}
 	}

 	runtimeOpts, err := getRuntimeOptions(context)