Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.0 backport] c8d integration: Use refcount mounter for diff and export #46266

Merged
merged 3 commits into from Aug 21, 2023
Merged

[24.0 backport] c8d integration: Use refcount mounter for diff and export #46266

merged 3 commits into from Aug 21, 2023

Commits on Aug 18, 2023

  1. integration: Add test for not breaking overlayfs 

    Check that operations that could potentially perform overlayfs mounts
that could cause undefined behaviors.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 303e2b1)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @vvoland
    vvoland committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    54953f2 View commit details
    Browse the repository at this point in the history

  2. c8d/export: Use ref counted mounter 

    To prevent mounting the container rootfs in a rw mode if it's already
mounted.  This can't use `mount.WithReadonlyTempMount` because the
archive code does a chroot with a pivot_root, which creates a new
directory in the rootfs.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 051d51b)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @vvoland
    vvoland committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    b76a0c7 View commit details
    Browse the repository at this point in the history

  3. c8d/diff: Reuse mount, mount parent as read-only 

    The container rw layer may already be mounted, so it's not safe to use
it in another overlay mount. Use the ref counted mounter (which will
reuse the existing mount if it exists) to avoid that.

Also, mount the parent mounts (layers of the base image) in a read-only
mode.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 6da42ca)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @vvoland
    vvoland committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    74bf46a View commit details
    Browse the repository at this point in the history