github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use rbind and rprivate in bind mount.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu 2017-08-30 01:39:53 +00:00
parent 55ee423224
commit 3f4978b77b
3 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hack/test-e2e-node.sh
View File

@ -19,13 +19,9 @@ set -o pipefail
source $(dirname "${BASH_SOURCE[0]}")/test-utils.sh source $(dirname "${BASH_SOURCE[0]}")/test-utils.sh
DEFAULT_SKIP="\[Flaky\]|\[Slow\]|\[Serial\]" DEFAULT_SKIP="\[Flaky\]|\[Slow\]|\[Serial\]"
DEFAULT_SKIP+="|scheduling\sa\sGuaranteed\sPod"
DEFAULT_SKIP+="|scheduling\sa\sBurstable\sPod"
DEFAULT_SKIP+="|scheduling\sa\sBestEffort\sPod"
DEFAULT_SKIP+="|querying\s\/stats\/summary" DEFAULT_SKIP+="|querying\s\/stats\/summary"
DEFAULT_SKIP+="|set\sto\sthe\smanifest\sdigest" DEFAULT_SKIP+="|set\sto\sthe\smanifest\sdigest"
DEFAULT_SKIP+="|AppArmor" DEFAULT_SKIP+="|AppArmor"
DEFAULT_SKIP+="|Top\slevel\sQoS\scontainers"
DEFAULT_SKIP+="|pull\sfrom\sprivate\sregistry\swith\ssecret" DEFAULT_SKIP+="|pull\sfrom\sprivate\sregistry\swith\ssecret"
# FOCUS focuses the test to run. # FOCUS focuses the test to run.
@ -54,6 +50,10 @@ git checkout ${KUBERNETES_VERSION}
mkdir -p ${REPORT_DIR} mkdir -p ${REPORT_DIR}
start_cri_containerd ${REPORT_DIR} start_cri_containerd ${REPORT_DIR}
make test-e2e-node RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT=unix:///var/run/cri-containerd.sock ARTIFACTS=${REPORT_DIR} make test-e2e-node \
RUNTIME=remote \
CONTAINER_RUNTIME_ENDPOINT=unix:///var/run/cri-containerd.sock \
ARTIFACTS=${REPORT_DIR} \
TEST_ARGS='--kubelet-flags=--cgroups-per-qos=true --kubelet-flags=--cgroup-root=/' # Enable the QOS tree.
kill_cri_containerd kill_cri_containerd

6
pkg/server/container_create.go
View File

@ -438,9 +438,11 @@ func addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount) {
for _, mount := range mounts { for _, mount := range mounts {
dst := mount.GetContainerPath() dst := mount.GetContainerPath()
src := mount.GetHostPath() src := mount.GetHostPath()
options := []string{"rw"} options := []string{"rbind", "rprivate"}
if mount.GetReadonly() { if mount.GetReadonly() {
options = []string{"ro"} options = append(options, "ro")
} else {
options = append(options, "rw")
} }
// TODO(random-liu): [P1] Apply selinux label // TODO(random-liu): [P1] Apply selinux label
g.AddBindMount(src, dst, options) g.AddBindMount(src, dst, options)

4
pkg/server/container_create_test.go
View File

@ -121,8 +121,8 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
checkMount(t, spec.Mounts, "cgroup", "/sys/fs/cgroup", "cgroup", []string{"ro"}, nil) checkMount(t, spec.Mounts, "cgroup", "/sys/fs/cgroup", "cgroup", []string{"ro"}, nil)
t.Logf("Check bind mount") t.Logf("Check bind mount")
checkMount(t, spec.Mounts, "host-path-1", "container-path-1", "bind", []string{"rw"}, nil) checkMount(t, spec.Mounts, "host-path-1", "container-path-1", "bind", []string{"rbind", "rprivate", "rw"}, nil)
checkMount(t, spec.Mounts, "host-path-2", "container-path-2", "bind", []string{"ro"}, nil) checkMount(t, spec.Mounts, "host-path-2", "container-path-2", "bind", []string{"rbind", "rprivate", "ro"}, nil)
t.Logf("Check resource limits") t.Logf("Check resource limits")
assert.EqualValues(t, *spec.Linux.Resources.CPU.Period, 100) assert.EqualValues(t, *spec.Linux.Resources.CPU.Period, 100)