Add env var to toggle pivot root or ms_move
Use the DOCKER_RAMDISK env var to tell the native driver not to use a pivot root when setting up the rootfs of a container. Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
ca93316795
commit
da605a43d6
3 changed files with 49 additions and 20 deletions
|
|
@ -19,9 +19,12 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD
|
|||
//
|
||||
// There is no need to unmount the new mounts because as soon as the mount namespace
|
||||
// is no longer in use, the mounts will be removed automatically
|
||||
func setupNewMountNamespace(rootfs, console string, readonly bool) error {
|
||||
// mount as slave so that the new mounts do not propagate to the host
|
||||
if err := system.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
|
||||
func setupNewMountNamespace(rootfs, console string, readonly, noPivotRoot bool) error {
|
||||
flag := syscall.MS_PRIVATE
|
||||
if noPivotRoot {
|
||||
flag = syscall.MS_SLAVE
|
||||
}
|
||||
if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil {
|
||||
return fmt.Errorf("mounting / as slave %s", err)
|
||||
}
|
||||
if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
|
||||
|
|
@ -52,6 +55,23 @@ func setupNewMountNamespace(rootfs, console string, readonly bool) error {
|
|||
return fmt.Errorf("chdir into %s %s", rootfs, err)
|
||||
}
|
||||
|
||||
if noPivotRoot {
|
||||
if err := rootMsMove(rootfs); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
if err := rootPivot(rootfs); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
system.Umask(0022)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// use a pivot root to setup the rootfs
|
||||
func rootPivot(rootfs string) error {
|
||||
pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root")
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err)
|
||||
|
|
@ -62,20 +82,28 @@ func setupNewMountNamespace(rootfs, console string, readonly bool) error {
|
|||
if err := system.Chdir("/"); err != nil {
|
||||
return fmt.Errorf("chdir / %s", err)
|
||||
}
|
||||
|
||||
// path to pivot dir now changed, update
|
||||
pivotDir = filepath.Join("/", filepath.Base(pivotDir))
|
||||
|
||||
if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
|
||||
return fmt.Errorf("unmount pivot_root dir %s", err)
|
||||
}
|
||||
|
||||
if err := os.Remove(pivotDir); err != nil {
|
||||
return fmt.Errorf("remove pivot_root dir %s", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
system.Umask(0022)
|
||||
|
||||
// use MS_MOVE and chroot to setup the rootfs
|
||||
func rootMsMove(rootfs string) error {
|
||||
if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil {
|
||||
return fmt.Errorf("mount move %s into / %s", rootfs, err)
|
||||
}
|
||||
if err := system.Chroot("."); err != nil {
|
||||
return fmt.Errorf("chroot . %s", err)
|
||||
}
|
||||
if err := system.Chdir("/"); err != nil {
|
||||
return fmt.Errorf("chdir / %s", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue