From 51b22547428ec9704eec614882c9016796faaefa Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 21 Sep 2017 13:31:13 +0000
Subject: [PATCH] Tell oci-umount where to remove mountpoints inside container

This patch set add crio-umount.conf file which tells oci-umount plugin to look for leaked mount points in /var/lib/containers/storage/* and /var/run/containers/*

Signed-off-by: Daniel J Walsh
---
 Makefile | 3 +++
 contrib/rpm/crio.spec | 4 ++++
 crio-umount.conf | 8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 crio-umount.conf

diff --git a/Makefile b/Makefile
index e3e5050b..0b9ba04e 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,8 @@ ETCDIR ?= ${DESTDIR}/etc
 ETCDIR_CRIO ?= ${ETCDIR}/crio
 BUILDTAGS ?= selinux seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh)
 BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions
+OCIUMOUNTINSTALLDIR=$(PREFIX)/share/oci-umount/oci-umount.d
+
 SELINUXOPT ?= $(shell test -x /usr/sbin/selinuxenabled && selinuxenabled && echo -Z)
 PACKAGES ?= $(shell go list -tags "${BUILDTAGS}" ./... | grep -v github.com/kubernetes-incubator/cri-o/vendor)
@@ -154,6 +156,7 @@ install: .gopathok
 install.config:
 install ${SELINUXOPT} -D -m 644 crio.conf $(ETCDIR_CRIO)/crio.conf
 install ${SELINUXOPT} -D -m 644 seccomp.json $(ETCDIR_CRIO)/seccomp.json
+ install ${SELINUXOPT} -D -m 644 crio-umount.conf $(OCIUMOUNTINSTALLDIR)/crio-umount.conf
 install.completions:
 install ${SELINUXOPT} -d -m 755 ${BASHINSTALLDIR}
diff --git a/contrib/rpm/crio.spec b/contrib/rpm/crio.spec
index bd7dd3f7..3485fe37 100644
--- a/contrib/rpm/crio.spec
+++ b/contrib/rpm/crio.spec
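Review bot: `OCIUMOUNTINSTALLDIR` in the first Makefile hunk is derived from `$(PREFIX)`, while the spec file in this same patch packages the drop-in at the fixed path `/usr/share/oci-umount/oci-umount.d`. PREFIX is defined outside the hunk; if its default is anything other than `${DESTDIR}/usr`, the `install.config` line added in the second hunk puts crio-umount.conf in a directory that oci-umount presumably does not read, and the leaked storage mounts would stay visible inside containers with no error. Either pin the directory, e.g. `OCIUMOUNTINSTALLDIR ?= ${DESTDIR}/usr/share/oci-umount/oci-umount.d`, or add a comment stating that PREFIX must resolve to `/usr` for the hook to pick the file up. The new line also writes `$(PREFIX)` where the neighbouring `BASHINSTALLDIR` uses `${PREFIX}`.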
@@ -53,12 +53,16 @@ make all
 %{_mandir}/man5/crio.conf.5*
 %{_mandir}/man8/crio.8*
 %{_sysconfdir}/crio.conf
+%{_sysconfdir}/seccomp.json
 %dir /%{_libexecdir}/crio
 /%{_libexecdir}/crio/conmon
 /%{_libexecdir}/crio/pause
 %{_unitdir}/crio.service
 %doc README.md
 %license LICENSE
+%dir /usr/share/oci-umount/oci-umount.d
+/usr/share/oci-umount/oci-umount.d/cri-umount.conf
+
 %preun
 %systemd_preun %{Name}
diff --git a/crio-umount.conf b/crio-umount.conf
new file mode 100644
index 00000000..5177e636
--- /dev/null
+++ b/crio-umount.conf
@@ -0,0 +1,8 @@
+# This contains a list of paths on host which will be unmounted inside
+# container. (If they are mounted inside container).
+
+# If there is a "/*" at the end, that means only mounts underneath that
+# mounts (submounts) will be unmounted but top level mount will remain
+# in place.
+/var/run/containers/*
+/var/lib/containers/storage/*
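Review bot: The added `%files` entry in contrib/rpm/crio.spec names `/usr/share/oci-umount/oci-umount.d/cri-umount.conf`, but the Makefile in this patch installs `crio-umount.conf` and the new file is also called `crio-umount.conf`, so the packaged path does not match what gets installed. As written the package build would most likely fail on the missing file, or the hook configuration would not ship at all; the entry should read `/usr/share/oci-umount/oci-umount.d/crio-umount.conf`. The added `%{_sysconfdir}/seccomp.json` deserves the same check: the Makefile's install.config target places seccomp.json under `$(ETCDIR_CRIO)`, i.e. `${ETCDIR}/crio`, not directly in `/etc`, although the spec's %install section is outside this hunk and may differ.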
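Review bot: The two paths in crio-umount.conf are hard-coded to cri-o's default storage locations, and nothing in the file says so. If `root` or `runroot` in crio.conf is pointed elsewhere, this list no longer matches and host storage mounts could again leak into containers without any warning. I would add a comment above the path list such as `# Defaults only: keep in sync with root/runroot in crio.conf.` It may also be worth confirming how oci-umount matches `/var/run/...` on hosts where `/var/run` is a symlink to `/run`.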