1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

9 commits

Author SHA1 Message Date
Brian Goff
589a0afa8c Use rslave propagation for mounts from daemon root
By default, if a user requests a bind mount it uses private propagation.
When the source path is a path within the daemon root this, along with
some other propagation values that the user can use, causes issues when
the daemon tries to remove a mountpoint because a container will then
have a private reference to that mount which prevents removal.

Unmouting with MNT_DETATCH can help this scenario on newer kernels, but
ultimately this is just covering up the problem and doesn't actually
free up the underlying resources until all references are destroyed.

This change does essentially 2 things:

1. Change the default propagation when unspecified to `rslave` when the
source path is within the daemon root path or a parent of the daemon
root (because everything is using rbinds).
2. Creates a validation error on create when the user tries to specify
an unacceptable propagation mode for these paths...
basically the only two acceptable modes are `rslave` and `rshared`.

In cases where we have used the new default propagation but the
underlying filesystem is not setup to handle it (fs must hvae at least
rshared propagation) instead of erroring out like we normally would,
this falls back to the old default mode of `private`, which preserves
backwards compatibility.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-02-07 14:27:09 -05:00
Alexey Guskov
26c03d561a make docker compile on freebsd
Signed-off-by: Alexey Guskov <lexag@mail.ru>
2015-07-29 21:25:56 +03:00
John Howard
47c56e4353 Windows: Factoring out unused fields
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-27 17:44:18 -07:00
Stefan Berger
6bd389b9db Do not hide user provided network mounts [v2]
Prevent the docker daemon from mounting the created network files over
those provided by the user via -v command line option. This would otherwise
hide the one provide by the user.
The benefit of this is that a user can provide these network files using the
-v command line option and place them in a size-limited filesystem.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
2015-07-22 13:44:21 -04:00
David Calavera
bd9814f0db Allow to downgrade local volumes from > 1.7 to 1.6.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-06-09 18:04:59 -07:00
John Howard
71eadd4176 Windows: Fix PR13278 compile break
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-08 13:47:09 -07:00
David Calavera
81fa9feb0c Volumes refactor and external plugin implementation.
Signed by all authors:

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Jeff Lindsay <progrium@gmail.com>
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Luke Marsden <luke@clusterhq.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-05-21 20:34:17 -07:00
John Howard
b9e4b95788 Windows: Refactor container
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-16 12:38:20 -07:00
John Howard
ba1725a94e Windows: Refactor volumes
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-04-27 09:27:15 -07:00