github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #6593 from qiutongs/improve-container-mount

Browse Source 
Make the temp mount as ready only in container WithVolumes
This commit is contained in:
Fu Wei 2022-03-18 00:03:28 +08:00 committed by GitHub
commit d9797673b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/cri/opts/container.go
View File

@ -69,6 +69,12 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
if err != nil { if err != nil {
return err return err
} }
// Since only read is needed, append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
if len(mounts) == 1 && mounts[0].Type == "overlay" {
mounts[0].Options = append(mounts[0].Options, "ro")
}
root, err := os.MkdirTemp("", "ctd-volume") root, err := os.MkdirTemp("", "ctd-volume")
if err != nil { if err != nil {
return err return err