author | Kevin Krakauer <krakauer@google.com> | 2018-08-27 20:33:38 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-27 20:34:27 -0700 |
commit | a4529c1b5b485f6283367bfdc0e4228bbbd3e51f (patch) | |
tree | a8cdb2aec381e2ae0dda1f5dfbf6788147feb7b2 | |
parent | f0492d45aa31e32f8a04b13b7bf53e0161e1afb6 (diff) |
runsc: Fix readonly filesystem causing failure to create containers.
For readonly filesystems specified via relative path, we were forgetting to
mount relative to the container's bundle directory.
PiperOrigin-RevId: 210483388
Change-Id: I84809fce4b1f2056d0e225547cb611add5f74177
-rw-r--r-- | runsc/container/BUILD | 1 | ||||
-rw-r--r-- | runsc/container/fs.go | 21 |
2 files changed, 13 insertions, 9 deletions
diff --git a/runsc/container/BUILD b/runsc/container/BUILD
index cba418d0c..b86974d41 100644
--- a/runsc/container/BUILD
+++ b/runsc/container/BUILD
@@ -29,7 +29,6 @@ go_library(
 "//runsc/specutils",
 "@com_github_cenkalti_backoff//:go_default_library",
 "@com_github_opencontainers_runtime-spec//specs-go:go_default_library",
- "@org_golang_x_sys//unix:go_default_library",
 ],
 )
diff --git a/runsc/container/fs.go b/runsc/container/fs.go
index 652f81bbf..c12f5c331 100644
--- a/runsc/container/fs.go
+++ b/runsc/container/fs.go
@@ -22,7 +22,6 @@ import (
 "syscall"
 specs "github.com/opencontainers/runtime-spec/specs-go"
- "golang.org/x/sys/unix"
 "gvisor.googlesource.com/gvisor/pkg/log"
 "gvisor.googlesource.com/gvisor/runsc/boot"
 "gvisor.googlesource.com/gvisor/runsc/specutils"
@@ -84,29 +83,29 @@ func setupFS(spec *specs.Spec, conf *boot.Config, bundleDir string) error {
 }
 srcfi, err := os.Stat(src)
 if err != nil {
- return err
+ return fmt.Errorf("failed to stat() mount source: %v", err)
 }
 // It's possible that 'm.Destination' follows symlinks inside the
 // container.
 dst, err := resolveSymlinks(spec.Root.Path, m.Destination)
 if err != nil {
- return err
+ return fmt.Errorf("failed to resolve symlinks: %v", err)
 }
 // Create mount point if it doesn't exits
 if _, err := os.Stat(dst); os.IsNotExist(err) {
 if srcfi.IsDir() {
 if err := os.MkdirAll(dst, 0755); err != nil {
- return err
+ return fmt.Errorf("failed to make mount directory %q: %v", dst, err)
 }
 } else {
 if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
- return err
+ return fmt.Errorf("failed to make mount directory for file %q: %v", filepath.Dir(dst), err)
 }
 f, err := os.OpenFile(dst, os.O_CREATE, 0755)
 if err != nil {
- return err
+ return fmt.Errorf("failed to open mount file %q: %v", dst, err)
 }
 f.Close()
 }
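Review bot: In the `@@ -84,29 +83,29 @@` hunk, `resolveSymlinks(spec.Root.Path, m.Destination)` still receives the root path exactly as written in the spec, while this commit's remount fix shows that the path can be relative to `bundleDir`. If the process's working directory is not the bundle directory (not visible here), `dst` would be resolved against the wrong tree and the `MkdirAll`/`OpenFile`/`Mount` calls that follow would create and mount outside the intended rootfs. Consider resolving the root once, `if !filepath.IsAbs(root) { root = filepath.Join(bundleDir, root) }`, and passing that value both here and to the readonly remount. setupFS starts and ends outside this hunk.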
@@ -116,7 +115,7 @@ func setupFS(spec *specs.Spec, conf *boot.Config, bundleDir string) error {
 flags |= syscall.MS_BIND
 log.Infof("Mounting src: %q, dst: %q, flags: %#x", src, dst, flags)
 if err := syscall.Mount(src, dst, m.Type, uintptr(flags), ""); err != nil {
- return err
+ return fmt.Errorf("failed to mount src: %q, dst: %q, flags: %#x, err: %v", src, dst, flags, err)
 }
 }
@@ -124,7 +123,13 @@ func setupFS(spec *specs.Spec, conf *boot.Config, bundleDir string) error {
 if spec.Root.Readonly {
 log.Infof("Remounting root as readonly: %q", spec.Root.Path)
 flags := uintptr(syscall.MS_BIND | syscall.MS_REMOUNT | syscall.MS_RDONLY | syscall.MS_REC)
- return unix.Mount(spec.Root.Path, spec.Root.Path, "bind", flags, "")
+ src := spec.Root.Path
+ if !filepath.IsAbs(src) {
+ src = filepath.Join(bundleDir, src)
+ }
+ if err := syscall.Mount(src, src, "bind", flags, ""); err != nil {
+ return fmt.Errorf("failed to remount root as readonly with source: %q, target: %q, flags: %#x, err: %v", spec.Root.Path, spec.Root.Path, flags, err)
+ }
 }
 return nil
 } |
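Review bot: In the `@@ -124,7 +123,13 @@` hunk, the new error message prints `spec.Root.Path` for both source and target, but the mount was issued on the resolved `src`. For a relative root, the message will therefore name a path that was never passed to `syscall.Mount`. Pass the resolved value instead: `return fmt.Errorf("failed to remount root as readonly with source: %q, target: %q, flags: %#x, err: %v", src, src, flags, err)`. The unchanged `log.Infof("Remounting root as readonly: %q", spec.Root.Path)` line has the same mismatch; because this remount is what enforces the read-only root, both the log and the error should name the directory actually remounted. setupFS begins outside this hunk.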