summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot/fs.go
diff options
context:
space:
mode:
authorJustine Olshan <justineolshan@google.com>2018-06-21 10:17:19 -0700
committerShentubot <shentubot@google.com>2018-06-21 10:18:11 -0700
commitf2a687001ded18a4343c1aa3bfba18b08c6a816a (patch)
tree7f1710c546067eff9a995bce5cc1426b549b6e14 /runsc/boot/fs.go
parent7d6149063a0bb6e563885a8f199756e7af5e69cf (diff)
Added functionality to create a RestoreEnvironment.
Before a container can be restored, the mounts must be configured. The root and submounts and their key information is compiled into a RestoreEnvironment. Future code will be added to set this created environment before restoring a container. Tests to ensure the correct environment were added. PiperOrigin-RevId: 201544637 Change-Id: Ia894a8b0f80f31104d1c732e113b1d65a4697087
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r--runsc/boot/fs.go91
1 files changed, 82 insertions, 9 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 7ebf22de8..7731763de 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -220,12 +220,13 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string,
return fs.NewOverlayRoot(ctx, upper, lower, lowerFlags)
}
-func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.MountNamespace, fds *fdDispenser, m specs.Mount) error {
- // Map mount type to filesystem name, and parse out the options that we are
- // capable of dealing with.
- var data []string
+// getMountNameAndOptions retrieves the fsName, data, and useOverlay values
+// used for mounts.
+func getMountNameAndOptions(conf *Config, m specs.Mount, fds *fdDispenser) (string, []string, bool, error) {
var fsName string
+ var data []string
var useOverlay bool
+ var err error
switch m.Type {
case "devpts", "devtmpfs", "proc", "sysfs":
fsName = m.Type
@@ -235,11 +236,8 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.
fsName = m.Type
// tmpfs has some extra supported options that we must pass through.
- var err error
data, err = parseAndFilterOptions(m.Options, "mode", "uid", "gid")
- if err != nil {
- return err
- }
+
case "bind":
switch conf.FileAccess {
case FileAccessProxy:
@@ -250,7 +248,7 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.
fsName = "whitelistfs"
data = []string{"root=" + m.Source, "dont_translate_ownership=true"}
default:
- return fmt.Errorf("invalid file access type: %v", conf.FileAccess)
+ err = fmt.Errorf("invalid file access type: %v", conf.FileAccess)
}
// If configured, add overlay to all writable mounts.
useOverlay = conf.Overlay && !mountFlags(m.Options).ReadOnly
@@ -261,6 +259,20 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.
// them, so this is a warning for now.
// we do not support.
log.Warningf("ignoring unknown filesystem type %q", m.Type)
+ }
+ return fsName, data, useOverlay, err
+}
+
+func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.MountNamespace, fds *fdDispenser, m specs.Mount) error {
+ // Map mount type to filesystem name, and parse out the options that we are
+ // capable of dealing with.
+ fsName, data, useOverlay, err := getMountNameAndOptions(conf, m, fds)
+
+ // Return the error or nil that corresponds to the default case in getMountNameAndOptions.
+ if err != nil {
+ return err
+ }
+ if fsName == "" {
return nil
}
@@ -388,6 +400,67 @@ func destinations(mounts []specs.Mount, extra ...string) []string {
return append(ds, extra...)
}
+// mountDevice returns a device string based on the fs type and target
+// of the mount.
+func mountDevice(m specs.Mount) string {
+ if m.Type == "bind" {
+ // Make a device string that includes the target, which is consistent across
+ // S/R and uniquely identifies the connection.
+ return "p9fs-" + m.Destination
+ }
+ // All other fs types use device "none".
+ return "none"
+}
+
+// addRestoreMount adds a mount to the MountSources map used for restoring a
+// checkpointed container.
+func addRestoreMount(conf *Config, renv *fs.RestoreEnvironment, m specs.Mount, fds *fdDispenser) error {
+ fsName, data, _, err := getMountNameAndOptions(conf, m, fds)
+ dataString := strings.Join(data, ",")
+ if err != nil {
+ return err
+ }
+ renv.MountSources[fsName] = append(renv.MountSources[fsName], fs.MountArgs{
+ Dev: mountDevice(m),
+ Flags: mountFlags(m.Options),
+ Data: dataString,
+ })
+ return nil
+}
+
+// createRestoreEnviroment builds a fs.RestoreEnvironment called renv by adding the mounts
+// to the environment.
+func createRestoreEnvironment(spec *specs.Spec, conf *Config, fds *fdDispenser) (*fs.RestoreEnvironment, error) {
+ if conf.FileAccess == FileAccessDirect {
+ return nil, fmt.Errorf("host filesystem with whitelist not supported with S/R")
+ }
+ renv := &fs.RestoreEnvironment{
+ MountSources: make(map[string][]fs.MountArgs),
+ }
+
+ // Add root mount.
+ fd := fds.remove()
+ dataString := strings.Join([]string{"trans=fd", fmt.Sprintf("rfdno=%d", fd), fmt.Sprintf("wfdno=%d", fd), "privateunixsocket=true"}, ",")
+ mf := fs.MountSourceFlags{}
+ if spec.Root.Readonly {
+ mf.ReadOnly = true
+ }
+ const rootFSName = "9p"
+ renv.MountSources[rootFSName] = append(renv.MountSources[rootFSName], fs.MountArgs{
+ Dev: "p9fs-/",
+ Flags: mf,
+ Data: dataString,
+ })
+
+ // Add submounts
+ for _, m := range spec.Mounts {
+ if err := addRestoreMount(conf, renv, m, fds); err != nil {
+ return nil, err
+ }
+ }
+ return renv, nil
+}
+
func mountFlags(opts []string) fs.MountSourceFlags {
mf := fs.MountSourceFlags{}
for _, o := range opts {