KEP-3857: Recursive Read-only (RRO) mounts

See kubernetes/enhancements issue 3857 (PR 3858).

Replaces PR 9713 `cri: make read-only mounts recursively read-only`

Unlike PR 9713, this PR does not automatically upgrade RO mounts to RRO.

Test depends on:
- kubernetes-sigs/cri-tools PR 1344

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Akihiro Suda
2024-02-07 23:01:58 +09:00
parent 83ad4367d1
commit 9077d13728
15 changed files with 1288 additions and 503 deletions


@@ -23,11 +23,20 @@ import (
"tags.cncf.io/container-device-interface/pkg/cdi"
"github.com/containerd/containerd/v2/pkg/cap"
"github.com/containerd/containerd/v2/pkg/kernelversion"
"github.com/containerd/containerd/v2/pkg/userns"
"github.com/containerd/go-cni"
"github.com/containerd/log"
)
func init() {
var err error
kernelSupportsRRO, err = kernelversion.GreaterEqualThan(kernelversion.KernelVersion{Kernel: 5, Major: 12})
if err != nil {
panic(fmt.Errorf("failed to check kernel version: %w", err))
}
}
// networkAttachCount is the minimum number of networks the PodSandbox
// attaches to
const networkAttachCount = 2
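Review bot: The added `init()` panics when `kernelversion.GreaterEqualThan` returns an error, so a host whose kernel release string cannot be read or parsed would crash the daemon at package load instead of running without RRO. Failing closed looks safer: `if err != nil { log.L.WithError(err).Warn("failed to check kernel version; treating recursive read-only mounts as unsupported"); kernelSupportsRRO = false }`. The 5.12 comparison is also only a proxy for the feature, since a vendor kernel with backports or a restricted syscall environment may not match it; a short comment above `init()` such as `// kernelSupportsRRO is a version-based hint (>= 5.12); the mount path must still handle the kernel rejecting the recursive read-only request` would document that. `kernelSupportsRRO` is declared outside this hunk, so how callers treat a `false` value should be confirmed there.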