Support mount propagation

fixex #185 Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-09-06 16:48:23 +08:00
parent 59e75d8c5e
commit 9da460ec0a
7 changed files with 451 additions and 271 deletions
--- a/pkg/server/container_create.go
+++ b/pkg/server/container_create.go
@@ -481,7 +481,19 @@ func addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount, mountLabel
 	for _, mount := range mounts {
 		dst := mount.GetContainerPath()
 		src := mount.GetHostPath()
-		options := []string{"rbind", "rprivate"}
+		options := []string{"rbind"}
+		switch mount.GetPropagation() {
+		case runtime.MountPropagation_PROPAGATION_PRIVATE:
+			options = append(options, "rprivate")
+		case runtime.MountPropagation_PROPAGATION_BIDIRECTIONAL:
+			options = append(options, "rshared")
+		case runtime.MountPropagation_PROPAGATION_HOST_TO_CONTAINER:
+			options = append(options, "rslave")
+		default:
+			glog.Warningf("Unknown propagation mode for hostPath %q", mount.HostPath)
+			options = append(options, "rprivate")
+		}
+
 		if mount.GetReadonly() {
 			options = append(options, "ro")
 		} else {
--- a/pkg/server/container_create_test.go
+++ b/pkg/server/container_create_test.go
@@ -64,15 +64,48 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
 			{Key: "k2", Value: "v2"},
 		},
 		Mounts: []*runtime.Mount{
+			// everything default
 			{
 				ContainerPath: "container-path-1",
 				HostPath:      "host-path-1",
 			},
+			// readOnly
 			{
 				ContainerPath: "container-path-2",
 				HostPath:      "host-path-2",
 				Readonly:      true,
 			},
+			// Propagation private
+			{
+				ContainerPath: "container-path-3",
+				HostPath:      "host-path-3",
+				Propagation:   runtime.MountPropagation_PROPAGATION_PRIVATE,
+			},
+			// Propagation rslave
+			{
+				ContainerPath: "container-path-4",
+				HostPath:      "host-path-4",
+				Propagation:   runtime.MountPropagation_PROPAGATION_HOST_TO_CONTAINER,
+			},
+			// Propagation rshared
+			{
+				ContainerPath: "container-path-5",
+				HostPath:      "host-path-5",
+				Propagation:   runtime.MountPropagation_PROPAGATION_BIDIRECTIONAL,
+			},
+			// Propagation unknown (falls back to private)
+			{
+				ContainerPath: "container-path-6",
+				HostPath:      "host-path-6",
+				Propagation:   runtime.MountPropagation(42),
+			},
+			// Everything
+			{
+				ContainerPath: "container-path-7",
+				HostPath:      "host-path-7",
+				Readonly:      true,
+				Propagation:   runtime.MountPropagation_PROPAGATION_BIDIRECTIONAL,
+			},
 		},
 		Labels:      map[string]string{"a": "b"},
 		Annotations: map[string]string{"c": "d"},
@@ -123,6 +156,11 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
 		t.Logf("Check bind mount")
 		checkMount(t, spec.Mounts, "host-path-1", "container-path-1", "bind", []string{"rbind", "rprivate", "rw"}, nil)
 		checkMount(t, spec.Mounts, "host-path-2", "container-path-2", "bind", []string{"rbind", "rprivate", "ro"}, nil)
+		checkMount(t, spec.Mounts, "host-path-3", "container-path-3", "bind", []string{"rbind", "rprivate", "rw"}, nil)
+		checkMount(t, spec.Mounts, "host-path-4", "container-path-4", "bind", []string{"rbind", "rslave", "rw"}, nil)
+		checkMount(t, spec.Mounts, "host-path-5", "container-path-5", "bind", []string{"rbind", "rshared", "rw"}, nil)
+		checkMount(t, spec.Mounts, "host-path-6", "container-path-6", "bind", []string{"rbind", "rprivate", "rw"}, nil)
+		checkMount(t, spec.Mounts, "host-path-7", "container-path-7", "bind", []string{"rbind", "rshared", "ro"}, nil)

 		t.Logf("Check resource limits")
 		assert.EqualValues(t, *spec.Linux.Resources.CPU.Period, 100)