github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Fix double /dev/shm mount.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu 2018-06-14 19:03:19 -07:00
parent b39546ce2b
commit 53f1ab4145
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/server/container_create.go
View File

@ -777,6 +777,10 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {
if mount.Destination == "/run" { if mount.Destination == "/run" {
continue continue
} }
// CRI plugin handles `/dev/shm` itself.
if mount.Destination == "/dev/shm" {
continue
}
mounts = append(mounts, mount) mounts = append(mounts, mount)
} }
spec.Mounts = mounts spec.Mounts = mounts

8
pkg/server/sandbox_run.go
View File

@ -388,6 +388,14 @@ func (c *criService) generateSandboxContainerSpec(id string, config *runtime.Pod
g.RemoveLinuxNamespace(string(runtimespec.IPCNamespace)) // nolint: errcheck g.RemoveLinuxNamespace(string(runtimespec.IPCNamespace)) // nolint: errcheck
} }
// It's fine to generate the spec before the sandbox /dev/shm
// is actually created.
sandboxDevShm := c.getSandboxDevShm(id)
if nsOptions.GetIpc() == runtime.NamespaceMode_NODE {
sandboxDevShm = devShm
}
g.AddBindMount(sandboxDevShm, devShm, []string{"rbind", "ro"})
selinuxOpt := securityContext.GetSelinuxOptions() selinuxOpt := securityContext.GetSelinuxOptions()
processLabel, mountLabel, err := initSelinuxOpts(selinuxOpt) processLabel, mountLabel, err := initSelinuxOpts(selinuxOpt)
if err != nil { if err != nil {