Skip to content

Fix for host mount ns containers #3996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lifubang merged 2 commits into from
Aug 29, 2023
Merged

Fix for host mount ns containers #3996

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
41778dd
Fix for host mount ns containers
kolyshkin Aug 26, 2023
e852523
tests/int: add a test for host mntns vs hooks
kolyshkin Aug 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 0 additions & 30 deletions libcontainer/process_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,36 +514,6 @@ func (p *initProcess) start() (retErr error) {
if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
return fmt.Errorf("error setting rlimits for ready process: %w", err)
}
// call prestart and CreateRuntime hooks
if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
// Setup cgroup before the hook, so that the prestart and CreateRuntime hook could apply cgroup permissions.
if err := p.manager.Set(p.config.Config.Cgroups.Resources); err != nil {
return fmt.Errorf("error setting cgroup config for ready process: %w", err)
}
if p.intelRdtManager != nil {
if err := p.intelRdtManager.Set(p.config.Config); err != nil {
return fmt.Errorf("error setting Intel RDT config for ready process: %w", err)
}
}

if len(p.config.Config.Hooks) != 0 {
s, err := p.container.currentOCIState()
if err != nil {
return err
}
// initProcessStartTime hasn't been set yet.
s.Pid = p.cmd.Process.Pid
s.Status = specs.StateCreating
hooks := p.config.Config.Hooks

if err := hooks.Run(configs.Prestart, s); err != nil {
return err
}
if err := hooks.Run(configs.CreateRuntime, s); err != nil {
return err
}
}
}

// generate a timestamp indicating when the container was started
p.container.created = time.Now().UTC()
Expand Down
33 changes: 33 additions & 0 deletions tests/integration/host-mntns.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
#!/usr/bin/env bats

load helpers

function setup() {
requires root
setup_busybox
}

function teardown() {
[ ! -v ROOT ] && return 0 # nothing to teardown

# XXX runc does not unmount a container which
# shares mount namespace with the host.
umount -R --lazy "$ROOT"/bundle/rootfs

teardown_bundle
}

@test "runc run [host mount ns + hooks]" {
update_config ' .process.args = ["/bin/echo", "Hello World"]
| .hooks |= . + {"createRuntime": [{"path": "/bin/sh", "args": ["/bin/sh", "-c", "touch createRuntimeHook.$$"]}]}
| .linux.namespaces -= [{"type": "mount"}]
| .linux.maskedPaths = []
| .linux.readonlyPaths = []'
runc run test_host_mntns
[ "$status" -eq 0 ]
runc delete -f test_host_mntns

# There should be one such file.
run -0 ls createRuntimeHook.*
[ "$(echo "$output" | wc -w)" -eq 1 ]
}