Merge pull request #6913 from wllenyj/devshm

This commit is contained in:
Fu Wei 2022-06-14 19:11:44 +08:00 committed by GitHub
commit fbf76c201f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -101,12 +101,17 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
if nsOptions.GetIpc() == runtime.NamespaceMode_NODE { if nsOptions.GetIpc() == runtime.NamespaceMode_NODE {
sandboxDevShm = devShm sandboxDevShm = devShm
} }
// Remove the default /dev/shm mount from defaultMounts, it is added in oci/mounts.go.
specOpts = append(specOpts, oci.WithoutMounts(devShm))
// In future the when user-namespace is enabled, the `nosuid, nodev, noexec` flags are
// required, otherwise the remount will fail with EPERM. Just use them unconditionally,
// they are nice to have anyways.
specOpts = append(specOpts, oci.WithMounts([]runtimespec.Mount{ specOpts = append(specOpts, oci.WithMounts([]runtimespec.Mount{
{ {
Source: sandboxDevShm, Source: sandboxDevShm,
Destination: devShm, Destination: devShm,
Type: "bind", Type: "bind",
Options: []string{"rbind", "ro"}, Options: []string{"rbind", "ro", "nosuid", "nodev", "noexec"},
}, },
// Add resolv.conf for katacontainers to setup the DNS of pod VM properly. // Add resolv.conf for katacontainers to setup the DNS of pod VM properly.
{ {
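Review bot: The added comment beginning `In future the when user-namespace is enabled` has a typo and undersells the new flags as merely "nice to have": `nosuid,nodev,noexec` on the pause container's /dev/shm bind mount are a hardening measure in their own right, and under a user namespace they are mandatory because the kernel locks those flags on mounts inherited from a more privileged namespace, so a bind remount that drops them fails with EPERM. I would reword the two lines to `// When user namespaces are enabled the nosuid,nodev,noexec flags are mandatory: the kernel locks` / `// them on the inherited mount and a remount without them fails with EPERM. Apply them always as hardening.` Note that `ro` and the new flags apply only to the top-level bind mount (`rbind` does not make them recursive), which is fine as long as the /dev/shm source carries no submounts. It is worth confirming that the workload containers' /dev/shm mount, which is built elsewhere and not visible here, carries the same flags so the hardening is not limited to the sandbox container. sandboxContainerSpec begins before this hunk and continues past it.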