Merge pull request #3148 from masters-of-cats/wip-rootless-containerd
Skip rootfs unmount when no mounts are provided
This commit is contained in:
Michael Crosby
@@ -111,7 +111,18 @@ func unmount(target string, flags int) error {
|
|||||||
// UnmountAll repeatedly unmounts the given mount point until there
|
// UnmountAll repeatedly unmounts the given mount point until there
|
||||||
// are no mounts remaining (EINVAL is returned by mount), which is
|
// are no mounts remaining (EINVAL is returned by mount), which is
|
||||||
// useful for undoing a stack of mounts on the same mount point.
|
// useful for undoing a stack of mounts on the same mount point.
|
||||||
|
// UnmountAll all is noop when the first argument is an empty string.
|
||||||
|
// This is done when the containerd client did not specify any rootfs
|
||||||
|
// mounts (e.g. because the rootfs is managed outside containerd)
|
||||||
|
// UnmountAll is noop when the mount path does not exist.
|
||||||
func UnmountAll(mount string, flags int) error {
|
func UnmountAll(mount string, flags int) error {
|
||||||
|
if mount == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if _, err := os.Stat(mount); os.IsNotExist(err) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
for {
|
for {
|
||||||
if err := unmount(mount, flags); err != nil {
|
if err := unmount(mount, flags); err != nil {
|
||||||
// EINVAL is returned if the target is not a
|
// EINVAL is returned if the target is not a
|
||||||
|
|||||||
@@ -65,9 +65,6 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) {
|
|||||||
os.RemoveAll(workDir)
|
os.RemoveAll(workDir)
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
if err := os.Mkdir(filepath.Join(path, "rootfs"), 0711); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
err = ioutil.WriteFile(filepath.Join(path, configFilename), spec, 0666)
|
err = ioutil.WriteFile(filepath.Join(path, configFilename), spec, 0666)
|
||||||
return &bundle{
|
return &bundle{
|
||||||
id: id,
|
id: id,
|
||||||
|
|||||||
@@ -124,6 +124,14 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rootfs := ""
|
||||||
|
if len(mounts) > 0 {
|
||||||
|
rootfs = filepath.Join(r.Bundle, "rootfs")
|
||||||
|
if err := os.Mkdir(rootfs, 0711); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
config := &proc.CreateConfig{
|
config := &proc.CreateConfig{
|
||||||
ID: r.ID,
|
ID: r.ID,
|
||||||
Bundle: r.Bundle,
|
Bundle: r.Bundle,
|
||||||
@@ -137,7 +145,6 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
|
|||||||
ParentCheckpoint: r.ParentCheckpoint,
|
ParentCheckpoint: r.ParentCheckpoint,
|
||||||
Options: r.Options,
|
Options: r.Options,
|
||||||
}
|
}
|
||||||
rootfs := filepath.Join(r.Bundle, "rootfs")
|
|
||||||
defer func() {
|
defer func() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
|
if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
|
||||||
@@ -169,6 +176,7 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *
|
|||||||
s.config.SystemdCgroup,
|
s.config.SystemdCgroup,
|
||||||
s.platform,
|
s.platform,
|
||||||
config,
|
config,
|
||||||
|
rootfs,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errdefs.ToGRPC(err)
|
return nil, errdefs.ToGRPC(err)
|
||||||
@@ -632,7 +640,7 @@ func getTopic(ctx context.Context, e interface{}) string {
|
|||||||
return runtime.TaskUnknownTopic
|
return runtime.TaskUnknownTopic
|
||||||
}
|
}
|
||||||
|
|
||||||
func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform rproc.Platform, r *proc.CreateConfig) (*proc.Init, error) {
|
func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform rproc.Platform, r *proc.CreateConfig, rootfs string) (*proc.Init, error) {
|
||||||
var options runctypes.CreateOptions
|
var options runctypes.CreateOptions
|
||||||
if r.Options != nil {
|
if r.Options != nil {
|
||||||
v, err := typeurl.UnmarshalAny(r.Options)
|
v, err := typeurl.UnmarshalAny(r.Options)
|
||||||
@@ -642,7 +650,6 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu st
|
|||||||
options = *v.(*runctypes.CreateOptions)
|
options = *v.(*runctypes.CreateOptions)
|
||||||
}
|
}
|
||||||
|
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
runtime := proc.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup)
|
runtime := proc.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup)
|
||||||
p := proc.New(r.ID, runtime, rproc.Stdio{
|
p := proc.New(r.ID, runtime, rproc.Stdio{
|
||||||
Stdin: r.Stdin,
|
Stdin: r.Stdin,
|
||||||
|
|||||||
@@ -89,10 +89,6 @@ func NewBundle(ctx context.Context, root, state, id string, spec []byte) (b *Bun
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
paths = append(paths, work)
|
paths = append(paths, work)
|
||||||
// create rootfs dir
|
|
||||||
if err := os.Mkdir(filepath.Join(b.Path, "rootfs"), 0711); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
// symlink workdir
|
// symlink workdir
|
||||||
if err := os.Symlink(work, filepath.Join(b.Path, "work")); err != nil {
|
if err := os.Symlink(work, filepath.Join(b.Path, "work")); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ package runc
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
@@ -63,6 +64,15 @@ func NewContainer(ctx context.Context, platform rproc.Platform, r *task.CreateTa
|
|||||||
Options: m.Options,
|
Options: m.Options,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rootfs := ""
|
||||||
|
if len(mounts) > 0 {
|
||||||
|
rootfs = filepath.Join(r.Bundle, "rootfs")
|
||||||
|
if err := os.Mkdir(rootfs, 0711); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
config := &proc.CreateConfig{
|
config := &proc.CreateConfig{
|
||||||
ID: r.ID,
|
ID: r.ID,
|
||||||
Bundle: r.Bundle,
|
Bundle: r.Bundle,
|
||||||
@@ -80,7 +90,6 @@ func NewContainer(ctx context.Context, platform rproc.Platform, r *task.CreateTa
|
|||||||
if err := WriteRuntime(r.Bundle, opts.BinaryName); err != nil {
|
if err := WriteRuntime(r.Bundle, opts.BinaryName); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
rootfs := filepath.Join(r.Bundle, "rootfs")
|
|
||||||
defer func() {
|
defer func() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
|
if err2 := mount.UnmountAll(rootfs, 0); err2 != nil {
|
||||||
@@ -107,6 +116,7 @@ func NewContainer(ctx context.Context, platform rproc.Platform, r *task.CreateTa
|
|||||||
platform,
|
platform,
|
||||||
config,
|
config,
|
||||||
&opts,
|
&opts,
|
||||||
|
rootfs,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errdefs.ToGRPC(err)
|
return nil, errdefs.ToGRPC(err)
|
||||||
@@ -146,8 +156,7 @@ func WriteRuntime(path, runtime string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func newInit(ctx context.Context, path, workDir, namespace string, platform rproc.Platform,
|
func newInit(ctx context.Context, path, workDir, namespace string, platform rproc.Platform,
|
||||||
r *proc.CreateConfig, options *options.Options) (*proc.Init, error) {
|
r *proc.CreateConfig, options *options.Options, rootfs string) (*proc.Init, error) {
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
runtime := proc.NewRunc(options.Root, path, namespace, options.BinaryName, options.CriuPath, options.SystemdCgroup)
|
runtime := proc.NewRunc(options.Root, path, namespace, options.BinaryName, options.CriuPath, options.SystemdCgroup)
|
||||||
p := proc.New(r.ID, runtime, rproc.Stdio{
|
p := proc.New(r.ID, runtime, rproc.Stdio{
|
||||||
Stdin: r.Stdin,
|
Stdin: r.Stdin,
|
||||||
|
|||||||
Reference in New Issue
Block a user