From f7428af9c11cd47e6252a3fbf24db411e513c241 Mon Sep 17 00:00:00 2001 From: Nicolas Lacasse Date: Wed, 19 Jun 2019 09:20:10 -0700 Subject: Add MountNamespace to task. This allows tasks to have distinct mount namespace, instead of all sharing the kernel's root mount namespace. Currently, the only way for a task to get a different mount namespace than the kernel's root is by explicitly setting a different MountNamespace in CreateProcessArgs, and nothing does this (yet). In a follow-up CL, we will set CreateProcessArgs.MountNamespace when creating a new container inside runsc. Note that "MountNamespace" is a poor term for this thing. It's more like a distinct VFS tree. When we get around to adding real mount namespaces, this will need a better naem. PiperOrigin-RevId: 254009310 --- pkg/sentry/fs/mounts.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'pkg/sentry/fs') diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go index a5d6f8b9a..281364dfc 100644 --- a/pkg/sentry/fs/mounts.go +++ b/pkg/sentry/fs/mounts.go @@ -124,7 +124,16 @@ func (m *Mount) IsUndo() bool { return false } -// MountNamespace defines a collection of mounts. +// MountNamespace defines a VFS root. It contains collection of Mounts that are +// mounted inside the Dirent tree rooted at the Root Dirent. It provides +// methods for traversing the Dirent, and for mounting/unmounting in the tree. +// +// Note that this does not correspond to a "mount namespace" in the Linux. It +// is more like a unique VFS instance. +// +// It's possible for different processes to have different MountNamespaces. In +// this case, the file systems exposed to the processes are completely +// distinct. // // +stateify savable type MountNamespace struct { -- cgit v1.2.3