This only performs an unpack if there is an error when creating the
container snapshot (and only if it's a "not found' error) since it should
already be unpacked.
Signed-off-by: Brian Goff <brian.goff@docker.com>
Currently we have the pod and container labels part of
containerd metadata extensions. However for third party users
like cadvisor that depend on standard kube labels will need
to be aware of the way metadata is stored in containerd to
fetch the labels.
Signed-off-by: abhi <abhi@docker.com>
Since https://github.com/moby/moby/pull/35344 we clarified that this behaviour
was a mistake, and the read only flag should just apply to the actual rootfs,
so it corresponds to the OCI read-only option. Other mounts may be able to be
adjusted by re-specifying them or other means but this is unrelated.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
This is needed by runc to mount volume for containers that expect
biderectional file updates or host to container updates.
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but defering until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.
This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.
The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.
Fixes#220.
Signed-off-by: Ian Campbell <ijc@docker.com>
This avoids errors such as:
spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"
use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.
Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.
Signed-off-by: Ian Campbell <ijc@docker.com>
