Create temp mount location manager

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

container_opts_unix.go

@@ -188,7 +188,7 @@ func withRemappedSnapshotBase(id string, i Image, uid, gid uint32, readonly bool
 }
 
 func remapRootFS(ctx context.Context, mounts []mount.Mount, uid, gid uint32) error {
-	return mount.WithTempMount(ctx, mounts, func(root string) error {
+	return mount.DefaultTempLocation.Mount(ctx, mounts, func(root string) error {
 		return filepath.Walk(root, incrementFS(root, uid, gid))
 	})
 }

diff/apply/apply.go

@@ -56,7 +56,7 @@ func (s *fsApplier) Apply(ctx context.Context, desc ocispec.Descriptor, mounts [
 	}
 
 	var ocidesc ocispec.Descriptor
-	if err := mount.WithTempMount(ctx, mounts, func(root string) error {
+	if err := mount.DefaultTempLocation.Mount(ctx, mounts, func(root string) error {
 		ra, err := s.store.ReaderAt(ctx, desc.Digest)
 		if err != nil {
 			return errors.Wrap(err, "failed to get reader from content store")

diff/walking/differ.go

@@ -62,8 +62,8 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o
 	}
 
 	var ocidesc ocispec.Descriptor
-	if err := mount.WithTempMount(ctx, lower, func(lowerRoot string) error {
+	if err := mount.DefaultTempLocation.Mount(ctx, lower, func(lowerRoot string) error {
-		return mount.WithTempMount(ctx, upper, func(upperRoot string) error {
+		return mount.DefaultTempLocation.Mount(ctx, upper, func(upperRoot string) error {
 			var newReference bool
 			if config.Reference == "" {
 				newReference = true

mount/mount.go

@@ -1,14 +1,5 @@
 package mount
 
-import (
-	"context"
-	"io/ioutil"
-	"os"
-
-	"github.com/containerd/containerd/log"
-	"github.com/pkg/errors"
-)
-
 // Mount is the lingua franca of containerd. A mount represents a
 // serialized mount syscall. Components either emit or consume mounts.
 type Mount struct {
@@ -31,42 +22,3 @@ func All(mounts []Mount, target string) error {
 	}
 	return nil
 }
-
-// WithTempMount mounts the provided mounts to a temp dir, and pass the temp dir to f.
-// The mounts are valid during the call to the f.
-// Finally we will unmount and remove the temp dir regardless of the result of f.
-func WithTempMount(ctx context.Context, mounts []Mount, f func(root string) error) (err error) {
-	root, uerr := ioutil.TempDir("", "containerd-WithTempMount")
-	if uerr != nil {
-		return errors.Wrapf(uerr, "failed to create temp dir")
-	}
-	// We use Remove here instead of RemoveAll.
-	// The RemoveAll will delete the temp dir and all children it contains.
-	// When the Unmount fails, RemoveAll will incorrectly delete data from
-	// the mounted dir. However, if we use Remove, even though we won't
-	// successfully delete the temp dir and it may leak, we won't loss data
-	// from the mounted dir.
-	// For details, please refer to #1868 #1785.
-	defer func() {
-		if uerr = os.Remove(root); uerr != nil {
-			log.G(ctx).WithError(uerr).WithField("dir", root).Errorf("failed to remove mount temp dir")
-		}
-	}()
-
-	// We should do defer first, if not we will not do Unmount when only a part of Mounts are failed.
-	defer func() {
-		if uerr = UnmountAll(root, 0); uerr != nil {
-			uerr = errors.Wrapf(uerr, "failed to unmount %s", root)
-			if err == nil {
-				err = uerr
-			} else {
-				err = errors.Wrap(err, uerr.Error())
-			}
-		}
-	}()
-	if uerr = All(mounts, root); uerr != nil {
-		return errors.Wrapf(uerr, "failed to mount %s", root)
-	}
-
-	return errors.Wrapf(f(root), "mount callback failed on %s", root)
-}

mount/temp.go

@@ -0,0 +1,118 @@
+package mount
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	"github.com/containerd/containerd/log"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	t, err := TempLocation("/tmp")
+	if err != nil {
+		panic(err)
+	}
+	DefaultTempLocation = t
+}
+
+var DefaultTempLocation TempMounts
+
+func TempLocation(root string) (TempMounts, error) {
+	root, err := filepath.Abs(root)
+	if err != nil {
+		return DefaultTempLocation, err
+	}
+	if err := os.MkdirAll(root, 0700); err != nil {
+		return DefaultTempLocation, err
+	}
+	return TempMounts{
+		root: root,
+	}, nil
+}
+
+type TempMounts struct {
+	root string
+}
+
+// WithTempMount mounts the provided mounts to a temp dir, and pass the temp dir to f.
+// The mounts are valid during the call to the f.
+// Finally we will unmount and remove the temp dir regardless of the result of f.
+func (t TempMounts) Mount(ctx context.Context, mounts []Mount, f func(root string) error) (err error) {
+	root, uerr := ioutil.TempDir(t.root, "containerd-WithTempMount")
+	if uerr != nil {
+		return errors.Wrapf(uerr, "failed to create temp dir")
+	}
+	// We use Remove here instead of RemoveAll.
+	// The RemoveAll will delete the temp dir and all children it contains.
+	// When the Unmount fails, RemoveAll will incorrectly delete data from
+	// the mounted dir. However, if we use Remove, even though we won't
+	// successfully delete the temp dir and it may leak, we won't loss data
+	// from the mounted dir.
+	// For details, please refer to #1868 #1785.
+	defer func() {
+		if uerr = os.Remove(root); uerr != nil {
+			log.G(ctx).WithError(uerr).WithField("dir", root).Errorf("failed to remove mount temp dir")
+		}
+	}()
+
+	// We should do defer first, if not we will not do Unmount when only a part of Mounts are failed.
+	defer func() {
+		if uerr = UnmountAll(root, 0); uerr != nil {
+			uerr = errors.Wrapf(uerr, "failed to unmount %s", root)
+			if err == nil {
+				err = uerr
+			} else {
+				err = errors.Wrap(err, uerr.Error())
+			}
+		}
+	}()
+	if uerr = All(mounts, root); uerr != nil {
+		return errors.Wrapf(uerr, "failed to mount %s", root)
+	}
+	return errors.Wrapf(f(root), "mount callback failed on %s", root)
+}
+
+// Unmount all temp mounts and remove the directories
+func (t TempMounts) Unmount(flags int) error {
+	mounts, err := PID(os.Getpid())
+	if err != nil {
+		return err
+	}
+	var toUnmount []string
+	for _, m := range mounts {
+		if strings.HasPrefix(m.Mountpoint, t.root) {
+			toUnmount = append(toUnmount, m.Mountpoint)
+		}
+	}
+	sort.Sort(sort.Reverse(mountSorter(toUnmount)))
+	for _, path := range toUnmount {
+		if err := UnmountAll(path, flags); err != nil {
+			return err
+		}
+		if err := os.Remove(path); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type mountSorter []string
+
+func (by mountSorter) Len() int {
+	return len(by)
+}
+
+func (by mountSorter) Less(i, j int) bool {
+	is := strings.Split(by[i], string(os.PathSeparator))
+	js := strings.Split(by[j], string(os.PathSeparator))
+	return len(is) < len(js)
+}
+
+func (by mountSorter) Swap(i, j int) {
+	by[i], by[j] = by[j], by[i]
+}

oci/spec_opts_unix.go

@@ -287,7 +287,7 @@ func WithUserID(uid uint32) SpecOpts {
 		if err != nil {
 			return err
 		}
-		return mount.WithTempMount(ctx, mounts, func(root string) error {
+		return mount.DefaultTempLocation.Mount(ctx, mounts, func(root string) error {
 			uuid, ugid, err := getUIDGIDFromPath(root, func(u user.User) bool {
 				return u.Uid == int(uid)
 			})
@@ -334,7 +334,7 @@ func WithUsername(username string) SpecOpts {
 		if err != nil {
 			return err
 		}
-		return mount.WithTempMount(ctx, mounts, func(root string) error {
+		return mount.DefaultTempLocation.Mount(ctx, mounts, func(root string) error {
 			uid, gid, err := getUIDGIDFromPath(root, func(u user.User) bool {
 				return u.Name == username
 			})