Fix mount error when chmod RO tmpfs#2570
Merged
AkihiroSuda merged 1 commit intoopencontainers:masterfrom Oct 26, 2020
Merged
Conversation
EduardoVega
force-pushed
the
2246-fix-chmod-ro-tmpfs-mount
branch
from
e9412d9 to
c8e2cfa
Compare
AkihiroSuda
reviewed
Aug 28, 2020
AkihiroSuda
previously approved these changes
Aug 29, 2020
EduardoVega
force-pushed
the
2246-fix-chmod-ro-tmpfs-mount
branch
from
577caf0 to
2734c76
Compare
Contributor
Author
|
@AkihiroSuda I have squashed the commits, they were not initially. |
AkihiroSuda
previously approved these changes
Sep 10, 2020
Member
|
@kolyshkin PTAL |
kolyshkin
reviewed
Oct 1, 2020
kolyshkin
reviewed
Oct 1, 2020
kolyshkin
reviewed
Oct 1, 2020
kolyshkin
reviewed
Oct 1, 2020
kolyshkin
reviewed
Oct 1, 2020
kolyshkin
reviewed
Oct 1, 2020
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
EduardoVega
force-pushed
the
2246-fix-chmod-ro-tmpfs-mount
branch
from
2734c76 to
fb4c27c
Compare
Contributor
Author
|
Thanks. I have completed all requested changes. |
Contributor
|
@AkihiroSuda @mrunalp PTAL |
AkihiroSuda
approved these changes
Oct 26, 2020
Closed
This was referenced Nov 12, 2021
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 3, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with roset. Follow the same approach for nodev, nosuid, noexec . Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 3, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with roset. Follow the same approach for nodev, nosuid, noexec . Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 4, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with roset. Follow the same approach for nodev, nosuid, noexec . Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 5, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 18, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 24, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 25, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Apr 26, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
May 9, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Jun 2, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Jun 12, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime but allow to revert back to the old behaviour via the new `--no-mount-fallback` command line option. Add a testcase to verify that bind mounts of filesystems with nodev, nosuid, noexec, noatime options set work in rootless mode. Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem with a ro flag. Add two further testcases that ensure that the above testcases would fail if the `--no-mount-fallback` command line option is set. * contrib/completions/bash/runc: Add `--no-mount-fallback` command line option for bash completion. * create.go: Add `--no-mount-fallback` command line option. * restore.go: Add `--no-mount-fallback` command line option. * run.go: Add `--no-mount-fallback` command line option. * libcontainer/configs/config.go: Add `NoMountFallback` field to the `Config` struct to store the command line option value. * libcontainer/specconv/spec_linux.go: Add `NoMountFallback` field to the `CreateOpts` struct to store the command line option value and store it in the libcontainer config. * utils_linux.go: Store the command line option value in the `CreateOpts` struct. * libcontainer/rootfs_linux.go: In case that `--no-mount-fallback` is not set try to remount the bind filesystem again with the options nodev, nosuid, noexec, noatime, relatime, strictatime or nodiratime if they are set on the source filesystem. * tests/integration/mounts_sshfs.bats: Add testcases and rework sshfs setup to allow specifying different mount options depending on the test case. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
rpluem-vf
added a commit
to rpluem-vf/runc
that referenced
this pull request
Jul 12, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime but allow to revert back to the old behaviour via the new `--no-mount-fallback` command line option. Add a testcase to verify that bind mounts of filesystems with nodev, nosuid, noexec, noatime options set work in rootless mode. Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem with a ro flag. Add two further testcases that ensure that the above testcases would fail if the `--no-mount-fallback` command line option is set. * contrib/completions/bash/runc: Add `--no-mount-fallback` command line option for bash completion. * create.go: Add `--no-mount-fallback` command line option. * restore.go: Add `--no-mount-fallback` command line option. * run.go: Add `--no-mount-fallback` command line option. * libcontainer/configs/config.go: Add `NoMountFallback` field to the `Config` struct to store the command line option value. * libcontainer/specconv/spec_linux.go: Add `NoMountFallback` field to the `CreateOpts` struct to store the command line option value and store it in the libcontainer config. * utils_linux.go: Store the command line option value in the `CreateOpts` struct. * libcontainer/rootfs_linux.go: In case that `--no-mount-fallback` is not set try to remount the bind filesystem again with the options nodev, nosuid, noexec, noatime, relatime, strictatime or nodiratime if they are set on the source filesystem. * tests/integration/mounts_sshfs.bats: Add testcases and rework sshfs setup to allow specifying different mount options depending on the test case. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
kolyshkin
pushed a commit
to rpluem-vf/runc
that referenced
this pull request
Jul 28, 2023
Currently bind mounts of filesystems with nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime but allow to revert back to the old behaviour via the new `--no-mount-fallback` command line option. Add a testcase to verify that bind mounts of filesystems with nodev, nosuid, noexec, noatime options set work in rootless mode. Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem with a ro flag. Add two further testcases that ensure that the above testcases would fail if the `--no-mount-fallback` command line option is set. * contrib/completions/bash/runc: Add `--no-mount-fallback` command line option for bash completion. * create.go: Add `--no-mount-fallback` command line option. * restore.go: Add `--no-mount-fallback` command line option. * run.go: Add `--no-mount-fallback` command line option. * libcontainer/configs/config.go: Add `NoMountFallback` field to the `Config` struct to store the command line option value. * libcontainer/specconv/spec_linux.go: Add `NoMountFallback` field to the `CreateOpts` struct to store the command line option value and store it in the libcontainer config. * utils_linux.go: Store the command line option value in the `CreateOpts` struct. * libcontainer/rootfs_linux.go: In case that `--no-mount-fallback` is not set try to remount the bind filesystem again with the options nodev, nosuid, noexec, noatime, relatime, strictatime or nodiratime if they are set on the source filesystem. * tests/integration/mounts_sshfs.bats: Add testcases and rework sshfs setup to allow specifying different mount options depending on the test case. Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Based on the comments, this will mount the filesystem rw, then chmod, and finally remount it with ro.
Fixes #2246
Signed-off-by: Eduardo Vega edvegavalerio@gmail.com