mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
People have reported the following issue with overlay

    $ docker run -ti --name=foo -v /dev/:/dev fedora bash
    $ docker cp foo:/bin/bash /tmp
    $ exit container

Upon container exit, /dev/pts gets unmounted too. This happens because docker cp volume mounts get propagated to /run/docker/libcontainer/.... and when container exits, it must be tearing down mount point under /run/docker/libcontainerd/... and as these are "shared" mounts it propagates events to /dev/pts and it gets unmounted too.

One way to solve this problem is to make sure "docker cp" volume mounts don't become visible under /run/docker/libcontainerd/..

Here are more details of what is actually happening.

Make overlay home directory (/var/lib/docker/overlay) private mount when docker starts and unmount it when docker stops. Following is the reason to do it.

In Fedora and some other distributions / is "shared". That means when docker creates a container and mounts its root in /var/lib/docker/overlay/... that mount point is "shared".

Looks like after that containerd/runc bind mounts that rootfs into /runc/docker/libcontainerd/container-id/rootfs. And this puts both source and destination mount points in shared group and they both are set up to propagate mount events to each other.

Later when "docker cp" is run it sets up container volumes under /var/lib/docker/overlay/container-id/... And all these mounts propagate to /runc/docker/libcontainerd/... Now mountVolumes() makes these new mount points private but by that time propagation already has happened and private only takes effect when unmount happens.

So to stop this propagation of volumes by docker cp, make /var/lib/docker/overlay a private mount point. That means when a container rootfs is created, that mount point will be private too (it will inherit property from parent). And that means when bind mount happens in /runc/ dir, overlay mount point will not propagate mounts to /runc/.

Other graphdrivers like devicemapper are already doing it and they don't face this issue.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

||
---|---|---|
.. | ||
aufs | ||
btrfs | ||
devmapper | ||
graphtest | ||
overlay | ||
register | ||
vfs | ||
windows | ||
zfs | ||
driver.go | ||
driver_freebsd.go | ||
driver_linux.go | ||
driver_unsupported.go | ||
driver_windows.go | ||
fsdiff.go | ||
plugin.go | ||
plugin_unsupported.go | ||
proxy.go |