authorgVisor bot <gvisor-bot@google.com>2020-07-15 12:14:42 -0700
committergVisor bot <gvisor-bot@google.com>2020-07-15 12:14:42 -0700
commit8939fae0af9dc8e1cdf2553339fee35b684fc828 (patch)
tree95224138ca159fd3c6b9d32eaf6c1930c1dfd6ff /runsc
parentfc48ace73aea9294c9f4ee881950d836715bf4d7 (diff)
parentabffebde7be2dcdb4564e45f845d7c150ced0ccb (diff)
Merge pull request #3165 from ridwanmsharif:ridwanmsharif/fuse-off-by-default
PiperOrigin-RevId: 321411758
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/config.go7
-rw-r--r--runsc/boot/loader.go4
-rw-r--r--runsc/boot/vfs.go14
-rw-r--r--runsc/main.go2
4 files changed, 23 insertions, 4 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index bb01b8fb5..80da8b3e6 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -274,6 +274,9 @@ type Config struct {
// Enables VFS2 (not plumbled through yet).
VFS2 bool
+
+ // Enables FUSE usage (not plumbled through yet).
+ FUSE bool
}
// ToFlags returns a slice of flags that correspond to the given Config.
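Review bot: The comment on the new `FUSE` field says "not plumbled through yet", but this same commit wires the field through to `kernel.FUSEEnabled` and to `--fuse=true`, so it is stale on arrival (and it copies the "plumbled" typo from the `VFS2` comment above). It also omits that the setting only has an effect when `VFS2` is set, as the loader.go hunk shows. I would write `// FUSE enables the experimental FUSE filesystem. It only takes effect when VFS2 is also enabled.` The `--fuse` help string added in runsc/main.go has the same omission about `--vfs2`.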
@@ -325,5 +328,9 @@ func (c *Config) ToFlags() []string {
f = append(f, "--vfs2=true")
}
+ if c.FUSE {
+ f = append(f, "--fuse=true")
+ }
+
return f
}
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index a48547ea5..9cd9c5909 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -205,6 +205,10 @@ func New(args Args) (*Loader, error) {
// Is this a VFSv2 kernel?
if args.Conf.VFS2 {
kernel.VFS2Enabled = true
+ if args.Conf.FUSE {
+ kernel.FUSEEnabled = true
+ }
+
vfs2.Override()
}
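Review bot: `args.Conf.FUSE` is only consulted inside the `if args.Conf.VFS2` block, so `--fuse` without `--vfs2` is dropped with no signal to the operator. Leaving FUSE off in that case is the safe outcome, but a silent no-op makes it hard to tell from logs which device surface a sandbox actually exposes. Consider adding `} else if args.Conf.FUSE { log.Warningf("FUSE requested without VFS2; ignoring") }` (assuming this file already uses the gVisor `log` package, which the hunk does not show), or rejecting the combination where the flags are parsed. `New` continues outside the hunk.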
diff --git a/runsc/boot/vfs.go b/runsc/boot/vfs.go
index 6ee6fae04..56f4ba15d 100644
--- a/runsc/boot/vfs.go
+++ b/runsc/boot/vfs.go
@@ -86,9 +86,12 @@ func registerFilesystems(k *kernel.Kernel) error {
return fmt.Errorf("registering ttydev: %w", err)
}
- if err := fuse.Register(vfsObj); err != nil {
- return fmt.Errorf("registering fusedev: %w", err)
+ if kernel.FUSEEnabled {
+ if err := fuse.Register(vfsObj); err != nil {
+ return fmt.Errorf("registering fusedev: %w", err)
+ }
}
+
if err := tundev.Register(vfsObj); err != nil {
return fmt.Errorf("registering tundev: %v", err)
}
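Review bot: Both gates in this file (`fuse.Register` here and `fuse.CreateDevtmpfsFile` in the next hunk) read the package-level `kernel.FUSEEnabled` rather than a value passed into `registerFilesystems`, so whether /dev/fuse is exposed depends on that global having been set before this function runs. Presumably `New` in loader.go sets it first, but the call order is not visible here. The two checks must also stay in agreement, otherwise a devtmpfs node could exist without a registered device, or the reverse. A short comment at the first gate would record the intent, e.g. `// FUSE is experimental: keep /dev/fuse unregistered unless explicitly enabled (see the matching check before CreateDevtmpfsFile).` The body of `registerFilesystems` starts above this hunk.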
@@ -110,8 +113,11 @@ func registerFilesystems(k *kernel.Kernel) error {
if err := tundev.CreateDevtmpfsFiles(ctx, a); err != nil {
return fmt.Errorf("creating tundev devtmpfs files: %v", err)
}
- if err := fuse.CreateDevtmpfsFile(ctx, a); err != nil {
- return fmt.Errorf("creating fusedev devtmpfs files: %w", err)
+
+ if kernel.FUSEEnabled {
+ if err := fuse.CreateDevtmpfsFile(ctx, a); err != nil {
+ return fmt.Errorf("creating fusedev devtmpfs files: %w", err)
+ }
}
return nil
}
diff --git a/runsc/main.go b/runsc/main.go
index c9f47c579..69cb505fa 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -88,6 +88,7 @@ var (
referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), log-names, log-traces.")
cpuNumFromQuota = flag.Bool("cpu-num-from-quota", false, "set cpu number to cpu quota (least integer greater or equal to quota value, but not less than 2)")
vfs2Enabled = flag.Bool("vfs2", false, "TEST ONLY; use while VFSv2 is landing. This uses the new experimental VFS layer.")
+ fuseEnabled = flag.Bool("fuse", false, "TEST ONLY; use while FUSE in VFSv2 is landing. This allows the use of the new experimental FUSE filesystem.")
// Test flags, not to be used outside tests, ever.
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
@@ -242,6 +243,7 @@ func main() {
OverlayfsStaleRead: *overlayfsStaleRead,
CPUNumFromQuota: *cpuNumFromQuota,
VFS2: *vfs2Enabled,
+ FUSE: *fuseEnabled,
QDisc: queueingDiscipline,
TestOnlyAllowRunAsCurrentUserWithoutChroot: *testOnlyAllowRunAsCurrentUserWithoutChroot,
TestOnlyTestNameEnv: *testOnlyTestNameEnv,