From 116902cd2189df59732a1788456f78effc381460 Mon Sep 17 00:00:00 2001
From: zhangjianming <zhang.jianming7@zte.com.cn>
Date: Mon, 12 Oct 2020 09:39:59 +0800
Subject: [PATCH] fix no-pivot not working in io.containerd.runtime.v1.linux

Signed-off-by: zhangjianming <zhang.jianming7@zte.com.cn>
---
 pkg/cri/server/sandbox_run_linux.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/cri/server/sandbox_run_linux.go b/pkg/cri/server/sandbox_run_linux.go
index a7c80a15f..f043504e6 100644
--- a/pkg/cri/server/sandbox_run_linux.go
+++ b/pkg/cri/server/sandbox_run_linux.go
@@ -301,8 +301,14 @@ func (c *criService) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 func (c *criService) taskOpts(runtimeType string) []containerd.NewTaskOpts {
 	// TODO(random-liu): Remove this after shim v1 is deprecated.
 	var taskOpts []containerd.NewTaskOpts
-	if c.config.NoPivot && (runtimeType == plugin.RuntimeRuncV1 || runtimeType == plugin.RuntimeRuncV2) {
+
+	// c.config.NoPivot is only supported for RuntimeLinuxV1 = "io.containerd.runtime.v1.linux" legacy linux runtime
+	// and is not supported for RuntimeRuncV1 = "io.containerd.runc.v1" or  RuntimeRuncV2 = "io.containerd.runc.v2"
+	// for RuncV1/2 no pivot is set under the containerd.runtimes.runc.options config see
+	// https://github.com/containerd/containerd/blob/v1.3.2/runtime/v2/runc/options/oci.pb.go#L26
+	if c.config.NoPivot && runtimeType == plugin.RuntimeLinuxV1 {
 		taskOpts = append(taskOpts, containerd.WithNoPivotRoot)
 	}
+
 	return taskOpts
 }