- Notifications
You must be signed in to change notification settings - Fork18.8k
[24.0 backport] c8d integration: Use refcount mounter for diff and export#46266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Check that operations that could potentially perform overlayfs mountsthat could cause undefined behaviors.Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>(cherry picked from commit303e2b1)Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
To prevent mounting the container rootfs in a rw mode if it's alreadymounted. This can't use `mount.WithReadonlyTempMount` because thearchive code does a chroot with a pivot_root, which creates a newdirectory in the rootfs.Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>(cherry picked from commit051d51b)Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The container rw layer may already be mounted, so it's not safe to useit in another overlay mount. Use the ref counted mounter (which willreuse the existing mount if it exists) to avoid that.Also, mount the parent mounts (layers of the base image) in a read-onlymode.Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>(cherry picked from commit6da42ca)Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
thaJeztah approved these changesAug 18, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM
rumpl approved these changesAug 21, 2023
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
area/runtimecontainerd-integrationIssues and PRs related to containerd integration kind/bugfixPR's that fix bugs status/4-merge
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- What I did
Use refcounted mounter introduced in#45698 when doing diff and export. This is to reuse already mounted rootfs of a container and avoid breaking overlay by mounting an workdir layer as a lowerdir of other mounts.
Also added an integration test to verify.
- How I did it
See individual commits.
- How to verify it
$ make DOCKER_GRAPHDRIVER=overlayfs TEST_INTEGRATION_USE_SNAPSHOTTER=1 TEST_FILTER='TestOverlayfs' test-integrationTest with#45698 reverted
Before this PR
After this PR
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)