diff options
author | Justine Olshan <justineolshan@google.com> | 2018-06-21 10:17:19 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-06-21 10:18:11 -0700 |
commit | f2a687001ded18a4343c1aa3bfba18b08c6a816a (patch) | |
tree | 7f1710c546067eff9a995bce5cc1426b549b6e14 /runsc/boot/fs.go | |
parent | 7d6149063a0bb6e563885a8f199756e7af5e69cf (diff) |
Added functionality to create a RestoreEnvironment.
Before a container can be restored, the mounts must be configured.
The root and submounts and their key information is compiled into a
RestoreEnvironment.
Future code will be added to set this created environment before
restoring a container.
Tests to ensure the correct environment were added.
PiperOrigin-RevId: 201544637
Change-Id: Ia894a8b0f80f31104d1c732e113b1d65a4697087
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r-- | runsc/boot/fs.go | 91 |
1 files changed, 82 insertions, 9 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go index 7ebf22de8..7731763de 100644 --- a/runsc/boot/fs.go +++ b/runsc/boot/fs.go @@ -220,12 +220,13 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string, return fs.NewOverlayRoot(ctx, upper, lower, lowerFlags) } -func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.MountNamespace, fds *fdDispenser, m specs.Mount) error { - // Map mount type to filesystem name, and parse out the options that we are - // capable of dealing with. - var data []string +// getMountNameAndOptions retrieves the fsName, data, and useOverlay values +// used for mounts. +func getMountNameAndOptions(conf *Config, m specs.Mount, fds *fdDispenser) (string, []string, bool, error) { var fsName string + var data []string var useOverlay bool + var err error switch m.Type { case "devpts", "devtmpfs", "proc", "sysfs": fsName = m.Type @@ -235,11 +236,8 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs. fsName = m.Type // tmpfs has some extra supported options that we must pass through. - var err error data, err = parseAndFilterOptions(m.Options, "mode", "uid", "gid") - if err != nil { - return err - } + case "bind": switch conf.FileAccess { case FileAccessProxy: @@ -250,7 +248,7 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs. fsName = "whitelistfs" data = []string{"root=" + m.Source, "dont_translate_ownership=true"} default: - return fmt.Errorf("invalid file access type: %v", conf.FileAccess) + err = fmt.Errorf("invalid file access type: %v", conf.FileAccess) } // If configured, add overlay to all writable mounts. useOverlay = conf.Overlay && !mountFlags(m.Options).ReadOnly @@ -261,6 +259,20 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs. // them, so this is a warning for now. // we do not support. log.Warningf("ignoring unknown filesystem type %q", m.Type) + } + return fsName, data, useOverlay, err +} + +func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.MountNamespace, fds *fdDispenser, m specs.Mount) error { + // Map mount type to filesystem name, and parse out the options that we are + // capable of dealing with. + fsName, data, useOverlay, err := getMountNameAndOptions(conf, m, fds) + + // Return the error or nil that corresponds to the default case in getMountNameAndOptions. + if err != nil { + return err + } + if fsName == "" { return nil } @@ -388,6 +400,67 @@ func destinations(mounts []specs.Mount, extra ...string) []string { return append(ds, extra...) } +// mountDevice returns a device string based on the fs type and target +// of the mount. +func mountDevice(m specs.Mount) string { + if m.Type == "bind" { + // Make a device string that includes the target, which is consistent across + // S/R and uniquely identifies the connection. + return "p9fs-" + m.Destination + } + // All other fs types use device "none". + return "none" +} + +// addRestoreMount adds a mount to the MountSources map used for restoring a +// checkpointed container. +func addRestoreMount(conf *Config, renv *fs.RestoreEnvironment, m specs.Mount, fds *fdDispenser) error { + fsName, data, _, err := getMountNameAndOptions(conf, m, fds) + dataString := strings.Join(data, ",") + if err != nil { + return err + } + renv.MountSources[fsName] = append(renv.MountSources[fsName], fs.MountArgs{ + Dev: mountDevice(m), + Flags: mountFlags(m.Options), + Data: dataString, + }) + return nil +} + +// createRestoreEnviroment builds a fs.RestoreEnvironment called renv by adding the mounts +// to the environment. +func createRestoreEnvironment(spec *specs.Spec, conf *Config, fds *fdDispenser) (*fs.RestoreEnvironment, error) { + if conf.FileAccess == FileAccessDirect { + return nil, fmt.Errorf("host filesystem with whitelist not supported with S/R") + } + renv := &fs.RestoreEnvironment{ + MountSources: make(map[string][]fs.MountArgs), + } + + // Add root mount. + fd := fds.remove() + dataString := strings.Join([]string{"trans=fd", fmt.Sprintf("rfdno=%d", fd), fmt.Sprintf("wfdno=%d", fd), "privateunixsocket=true"}, ",") + mf := fs.MountSourceFlags{} + if spec.Root.Readonly { + mf.ReadOnly = true + } + const rootFSName = "9p" + renv.MountSources[rootFSName] = append(renv.MountSources[rootFSName], fs.MountArgs{ + Dev: "p9fs-/", + Flags: mf, + Data: dataString, + }) + + // Add submounts + for _, m := range spec.Mounts { + if err := addRestoreMount(conf, renv, m, fds); err != nil { + return nil, err + } + } + return renv, nil +} + func mountFlags(opts []string) fs.MountSourceFlags { mf := fs.MountSourceFlags{} for _, o := range opts { |