mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Fix user mount /dev/shm size
Commit 7120976d74 ("Implement none, private, and shareable ipc
modes") introduces a bug: if a user-specified mount for /dev/shm
is provided, its size is overriden by value of ShmSize.
A reproducer is simple:
docker run --rm
--mount type=tmpfs,dst=/dev/shm,tmpfs-size=100K \
alpine df /dev/shm
This commit is an attempt to fix the bug, as well as optimize things
a but and make the code easier to read.
https://github.com/moby/moby/issues/35271
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
parent
bbc4f78ba9
commit
31d30a985d
1 changed files with 21 additions and 17 deletions
|
|
@ -528,23 +528,35 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
|
|||
userMounts[m.Destination] = struct{}{}
|
||||
}
|
||||
|
||||
// Filter out mounts from spec
|
||||
noIpc := c.HostConfig.IpcMode.IsNone()
|
||||
// Filter out mounts that are overridden by user supplied mounts
|
||||
// Copy all mounts from spec to defaultMounts, except for
|
||||
// - mounts overriden by a user supplied mount;
|
||||
// - all mounts under /dev if a user supplied /dev is present;
|
||||
// - /dev/shm, in case IpcMode is none.
|
||||
// While at it, also
|
||||
// - set size for /dev/shm from shmsize.
|
||||
var defaultMounts []specs.Mount
|
||||
_, mountDev := userMounts["/dev"]
|
||||
for _, m := range s.Mounts {
|
||||
// filter out /dev/shm mount if case IpcMode is none
|
||||
if noIpc && m.Destination == "/dev/shm" {
|
||||
if _, ok := userMounts[m.Destination]; ok {
|
||||
// filter out mount overridden by a user supplied mount
|
||||
continue
|
||||
}
|
||||
// filter out mount overridden by a user supplied mount
|
||||
if _, ok := userMounts[m.Destination]; !ok {
|
||||
if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
|
||||
if mountDev && strings.HasPrefix(m.Destination, "/dev/") {
|
||||
// filter out everything under /dev if /dev is user-mounted
|
||||
continue
|
||||
}
|
||||
|
||||
if m.Destination == "/dev/shm" {
|
||||
if c.HostConfig.IpcMode.IsNone() {
|
||||
// filter out /dev/shm for "none" IpcMode
|
||||
continue
|
||||
}
|
||||
defaultMounts = append(defaultMounts, m)
|
||||
// set size for /dev/shm mount from spec
|
||||
sizeOpt := "size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
|
||||
m.Options = append(m.Options, sizeOpt)
|
||||
}
|
||||
|
||||
defaultMounts = append(defaultMounts, m)
|
||||
}
|
||||
|
||||
s.Mounts = defaultMounts
|
||||
|
|
@ -652,14 +664,6 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
|
|||
s.Linux.MaskedPaths = nil
|
||||
}
|
||||
|
||||
// Set size for /dev/shm mount that comes from spec (IpcMode: private only)
|
||||
for i, m := range s.Mounts {
|
||||
if m.Destination == "/dev/shm" {
|
||||
sizeOpt := "size=" + strconv.FormatInt(c.HostConfig.ShmSize, 10)
|
||||
s.Mounts[i].Options = append(s.Mounts[i].Options, sizeOpt)
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: until a kernel/mount solution exists for handling remount in a user namespace,
|
||||
// we must clear the readonly flag for the cgroups mount (@mrunalp concurs)
|
||||
if uidMap := daemon.idMappings.UIDs(); uidMap != nil || c.HostConfig.Privileged {
|
||||
|
|
|
|||
Loading…
Reference in a new issue