Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Mount rootfs PRIVATE but volume mounts shared #623

Closed
wants to merge 1 commit into from
Closed

Mount rootfs PRIVATE but volume mounts shared #623

wants to merge 1 commit into from

Conversation

rhatdan
Copy link
Contributor

@rhatdan rhatdan commented Jun 11, 2015

Currently we are remounting the entire OS as PRIVATE which breaks
shared volume mounts. This patch only mounts the rootfs as PRIVATE
which allows the volume mounts to be shared.

Docker-DCO-1.1-Signed-off-by: Dan Walsh [email protected] (github: rhatdan)

Docker-DCO-1.1-Signed-off-by: Dan Walsh [email protected] (github: rhatdan)

@rhatdan
Mount rootfs PRIVATE but volume mounts shared
752b5f6 
Currently we are remounting the entire OS as PRIVATE which breaks
shared volume mounts. This patch only mounts the rootfs as PRIVATE
which allows the volume mounts to be shared.

Docker-DCO-1.1-Signed-off-by: Dan Walsh [email protected] (github: rhatdan)

Docker-DCO-1.1-Signed-off-by: Dan Walsh <[email protected]> (github: rhatdan)
@rhatdan
Copy link
Contributor Author

rhatdan commented Jun 11, 2015

Does this solve the problem with the following

moby/moby#13854

@mrunalp mrunalp mentioned this pull request Jun 15, 2015
Closed
@crosbymichael
Copy link
Contributor

Why would you not just set the MS_SLAVE flag in the mount's flags?

@rhatdan
Copy link
Contributor Author

rhatdan commented Jun 15, 2015

@crosbymichael Won't work. If you mount / as RPRIVATE all sharing is over FOREVER. You can not get sharing back. Mounting this way allows you to change the sharing per mount point.

The question is does this fix the issues you were seeing?

We are working on another proposal to allow us to set this flag on a container by container basis.

#632 (comment)

@rhatdan
Copy link
Contributor Author

rhatdan commented Jul 20, 2015

@crosbymichael Did you ever get a chance to look at this.

avagin
avagin reviewed Jul 21, 2015
View reviewed changes
rootfs_linux.go
@@ -168,6 +168,10 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
if err := syscall.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
return err
}
} else {
if err := syscall.Mount("", dest, "none", uintptr(syscall.MS_SLAVE), ""); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you explain this chunk?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the mount was not specified as PRIVATE ,then we default to SLAVE.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can I specify syscall.MS_SHARED? If yes, should we handle it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not yet, there is a separate pull request being worked on for handling all three requests.

You really want that on a container by container basis. The problem we have now is the entire host OS is being setup Private, which means no mount points can ever be made SHARED or SLAVE.

This change is just to make ROOTFS PRIVATE allowing mountpoints outside of ROOTFS to be mounted as PRIVATE. If this works and does not cause the problem @crosbymichael pulled the previous patch for, we can continue working on allowing users to specify differnet mount propogation rules on a container by container basis.

@rhatdan rhatdan closed this Feb 26, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
status/0-needs-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rhatdan @crosbymichael @avagin @GordonTheTurtle