mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
af8a1430f1
Until and unless user has specified a propagation property for volume, they should default to "rprivate" and it should be passed to runc. We can't make it conditional on HasPropagation(). GetPropagation() returns default of rprivate if noting was passed in by user. If we don't pass "rprivate" to runc, then bind mount could be shared even if user did not ask for it. For example, mount two volumes in a container. One is "shared" while other's propagation is not specified by caller. If both volume has same source mount point of "shared", then second volume will also be shared inside container (instead of being private). Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
333 lines
10 KiB
Go
333 lines
10 KiB
Go
package volume
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"syscall"
|
|
|
|
mounttypes "github.com/docker/docker/api/types/mount"
|
|
"github.com/docker/docker/pkg/idtools"
|
|
"github.com/docker/docker/pkg/stringid"
|
|
"github.com/opencontainers/runc/libcontainer/label"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// DefaultDriverName is the driver name used for the driver
|
|
// implemented in the local package.
|
|
const DefaultDriverName = "local"
|
|
|
|
// Scopes define if a volume has is cluster-wide (global) or local only.
|
|
// Scopes are returned by the volume driver when it is queried for capabilities and then set on a volume
|
|
const (
|
|
LocalScope = "local"
|
|
GlobalScope = "global"
|
|
)
|
|
|
|
// Driver is for creating and removing volumes.
|
|
type Driver interface {
|
|
// Name returns the name of the volume driver.
|
|
Name() string
|
|
// Create makes a new volume with the given name.
|
|
Create(name string, opts map[string]string) (Volume, error)
|
|
// Remove deletes the volume.
|
|
Remove(vol Volume) (err error)
|
|
// List lists all the volumes the driver has
|
|
List() ([]Volume, error)
|
|
// Get retrieves the volume with the requested name
|
|
Get(name string) (Volume, error)
|
|
// Scope returns the scope of the driver (e.g. `global` or `local`).
|
|
// Scope determines how the driver is handled at a cluster level
|
|
Scope() string
|
|
}
|
|
|
|
// Capability defines a set of capabilities that a driver is able to handle.
|
|
type Capability struct {
|
|
// Scope is the scope of the driver, `global` or `local`
|
|
// A `global` scope indicates that the driver manages volumes across the cluster
|
|
// A `local` scope indicates that the driver only manages volumes resources local to the host
|
|
// Scope is declared by the driver
|
|
Scope string
|
|
}
|
|
|
|
// Volume is a place to store data. It is backed by a specific driver, and can be mounted.
|
|
type Volume interface {
|
|
// Name returns the name of the volume
|
|
Name() string
|
|
// DriverName returns the name of the driver which owns this volume.
|
|
DriverName() string
|
|
// Path returns the absolute path to the volume.
|
|
Path() string
|
|
// Mount mounts the volume and returns the absolute path to
|
|
// where it can be consumed.
|
|
Mount(id string) (string, error)
|
|
// Unmount unmounts the volume when it is no longer in use.
|
|
Unmount(id string) error
|
|
// Status returns low-level status information about a volume
|
|
Status() map[string]interface{}
|
|
}
|
|
|
|
// DetailedVolume wraps a Volume with user-defined labels, options, and cluster scope (e.g., `local` or `global`)
|
|
type DetailedVolume interface {
|
|
Labels() map[string]string
|
|
Options() map[string]string
|
|
Scope() string
|
|
Volume
|
|
}
|
|
|
|
// MountPoint is the intersection point between a volume and a container. It
|
|
// specifies which volume is to be used and where inside a container it should
|
|
// be mounted.
|
|
type MountPoint struct {
|
|
// Source is the source path of the mount.
|
|
// E.g. `mount --bind /foo /bar`, `/foo` is the `Source`.
|
|
Source string
|
|
// Destination is the path relative to the container root (`/`) to the mount point
|
|
// It is where the `Source` is mounted to
|
|
Destination string
|
|
// RW is set to true when the mountpoint should be mounted as read-write
|
|
RW bool
|
|
// Name is the name reference to the underlying data defined by `Source`
|
|
// e.g., the volume name
|
|
Name string
|
|
// Driver is the volume driver used to create the volume (if it is a volume)
|
|
Driver string
|
|
// Type of mount to use, see `Type<foo>` definitions in github.com/docker/docker/api/types/mount
|
|
Type mounttypes.Type `json:",omitempty"`
|
|
// Volume is the volume providing data to this mountpoint.
|
|
// This is nil unless `Type` is set to `TypeVolume`
|
|
Volume Volume `json:"-"`
|
|
|
|
// Mode is the comma separated list of options supplied by the user when creating
|
|
// the bind/volume mount.
|
|
// Note Mode is not used on Windows
|
|
Mode string `json:"Relabel,omitempty"` // Originally field was `Relabel`"
|
|
|
|
// Propagation describes how the mounts are propagated from the host into the
|
|
// mount point, and vice-versa.
|
|
// See https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
|
|
// Note Propagation is not used on Windows
|
|
Propagation mounttypes.Propagation `json:",omitempty"` // Mount propagation string
|
|
|
|
// Specifies if data should be copied from the container before the first mount
|
|
// Use a pointer here so we can tell if the user set this value explicitly
|
|
// This allows us to error out when the user explicitly enabled copy but we can't copy due to the volume being populated
|
|
CopyData bool `json:"-"`
|
|
// ID is the opaque ID used to pass to the volume driver.
|
|
// This should be set by calls to `Mount` and unset by calls to `Unmount`
|
|
ID string `json:",omitempty"`
|
|
|
|
// Sepc is a copy of the API request that created this mount.
|
|
Spec mounttypes.Mount
|
|
}
|
|
|
|
// Setup sets up a mount point by either mounting the volume if it is
|
|
// configured, or creating the source directory if supplied.
|
|
func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int) (path string, err error) {
|
|
defer func() {
|
|
if err == nil {
|
|
if label.RelabelNeeded(m.Mode) {
|
|
if err = label.Relabel(m.Source, mountLabel, label.IsShared(m.Mode)); err != nil {
|
|
path = ""
|
|
err = errors.Wrapf(err, "error setting label on mount source '%s'", m.Source)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
return
|
|
}()
|
|
|
|
if m.Volume != nil {
|
|
id := m.ID
|
|
if id == "" {
|
|
id = stringid.GenerateNonCryptoID()
|
|
}
|
|
path, err := m.Volume.Mount(id)
|
|
if err != nil {
|
|
return "", errors.Wrapf(err, "error while mounting volume '%s'", m.Source)
|
|
}
|
|
m.ID = id
|
|
return path, nil
|
|
}
|
|
if len(m.Source) == 0 {
|
|
return "", fmt.Errorf("Unable to setup mount point, neither source nor volume defined")
|
|
}
|
|
// system.MkdirAll() produces an error if m.Source exists and is a file (not a directory),
|
|
if m.Type == mounttypes.TypeBind {
|
|
// idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory)
|
|
// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it
|
|
if err := idtools.MkdirAllNewAs(m.Source, 0755, rootUID, rootGID); err != nil {
|
|
if perr, ok := err.(*os.PathError); ok {
|
|
if perr.Err != syscall.ENOTDIR {
|
|
return "", errors.Wrapf(err, "error while creating mount source path '%s'", m.Source)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return m.Source, nil
|
|
}
|
|
|
|
// Path returns the path of a volume in a mount point.
|
|
func (m *MountPoint) Path() string {
|
|
if m.Volume != nil {
|
|
return m.Volume.Path()
|
|
}
|
|
return m.Source
|
|
}
|
|
|
|
// ParseVolumesFrom ensures that the supplied volumes-from is valid.
|
|
func ParseVolumesFrom(spec string) (string, string, error) {
|
|
if len(spec) == 0 {
|
|
return "", "", fmt.Errorf("volumes-from specification cannot be an empty string")
|
|
}
|
|
|
|
specParts := strings.SplitN(spec, ":", 2)
|
|
id := specParts[0]
|
|
mode := "rw"
|
|
|
|
if len(specParts) == 2 {
|
|
mode = specParts[1]
|
|
if !ValidMountMode(mode) {
|
|
return "", "", errInvalidMode(mode)
|
|
}
|
|
// For now don't allow propagation properties while importing
|
|
// volumes from data container. These volumes will inherit
|
|
// the same propagation property as of the original volume
|
|
// in data container. This probably can be relaxed in future.
|
|
if HasPropagation(mode) {
|
|
return "", "", errInvalidMode(mode)
|
|
}
|
|
// Do not allow copy modes on volumes-from
|
|
if _, isSet := getCopyMode(mode); isSet {
|
|
return "", "", errInvalidMode(mode)
|
|
}
|
|
}
|
|
return id, mode, nil
|
|
}
|
|
|
|
// ParseMountRaw parses a raw volume spec (e.g. `-v /foo:/bar:shared`) into a
|
|
// structured spec. Once the raw spec is parsed it relies on `ParseMountSpec` to
|
|
// validate the spec and create a MountPoint
|
|
func ParseMountRaw(raw, volumeDriver string) (*MountPoint, error) {
|
|
arr, err := splitRawSpec(convertSlash(raw))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var spec mounttypes.Mount
|
|
var mode string
|
|
switch len(arr) {
|
|
case 1:
|
|
// Just a destination path in the container
|
|
spec.Target = arr[0]
|
|
case 2:
|
|
if ValidMountMode(arr[1]) {
|
|
// Destination + Mode is not a valid volume - volumes
|
|
// cannot include a mode. e.g. /foo:rw
|
|
return nil, errInvalidSpec(raw)
|
|
}
|
|
// Host Source Path or Name + Destination
|
|
spec.Source = arr[0]
|
|
spec.Target = arr[1]
|
|
case 3:
|
|
// HostSourcePath+DestinationPath+Mode
|
|
spec.Source = arr[0]
|
|
spec.Target = arr[1]
|
|
mode = arr[2]
|
|
default:
|
|
return nil, errInvalidSpec(raw)
|
|
}
|
|
|
|
if !ValidMountMode(mode) {
|
|
return nil, errInvalidMode(mode)
|
|
}
|
|
|
|
if filepath.IsAbs(spec.Source) {
|
|
spec.Type = mounttypes.TypeBind
|
|
} else {
|
|
spec.Type = mounttypes.TypeVolume
|
|
}
|
|
|
|
spec.ReadOnly = !ReadWrite(mode)
|
|
|
|
// cannot assume that if a volume driver is passed in that we should set it
|
|
if volumeDriver != "" && spec.Type == mounttypes.TypeVolume {
|
|
spec.VolumeOptions = &mounttypes.VolumeOptions{
|
|
DriverConfig: &mounttypes.Driver{Name: volumeDriver},
|
|
}
|
|
}
|
|
|
|
if copyData, isSet := getCopyMode(mode); isSet {
|
|
if spec.VolumeOptions == nil {
|
|
spec.VolumeOptions = &mounttypes.VolumeOptions{}
|
|
}
|
|
spec.VolumeOptions.NoCopy = !copyData
|
|
}
|
|
if HasPropagation(mode) {
|
|
spec.BindOptions = &mounttypes.BindOptions{
|
|
Propagation: GetPropagation(mode),
|
|
}
|
|
}
|
|
|
|
mp, err := ParseMountSpec(spec, platformRawValidationOpts...)
|
|
if mp != nil {
|
|
mp.Mode = mode
|
|
}
|
|
if err != nil {
|
|
err = fmt.Errorf("%v: %v", errInvalidSpec(raw), err)
|
|
}
|
|
return mp, err
|
|
}
|
|
|
|
// ParseMountSpec reads a mount config, validates it, and configures a mountpoint from it.
|
|
func ParseMountSpec(cfg mounttypes.Mount, options ...func(*validateOpts)) (*MountPoint, error) {
|
|
if err := validateMountConfig(&cfg, options...); err != nil {
|
|
return nil, err
|
|
}
|
|
mp := &MountPoint{
|
|
RW: !cfg.ReadOnly,
|
|
Destination: clean(convertSlash(cfg.Target)),
|
|
Type: cfg.Type,
|
|
Spec: cfg,
|
|
}
|
|
|
|
switch cfg.Type {
|
|
case mounttypes.TypeVolume:
|
|
if cfg.Source == "" {
|
|
mp.Name = stringid.GenerateNonCryptoID()
|
|
} else {
|
|
mp.Name = cfg.Source
|
|
}
|
|
mp.CopyData = DefaultCopyMode
|
|
|
|
if cfg.VolumeOptions != nil {
|
|
if cfg.VolumeOptions.DriverConfig != nil {
|
|
mp.Driver = cfg.VolumeOptions.DriverConfig.Name
|
|
}
|
|
if cfg.VolumeOptions.NoCopy {
|
|
mp.CopyData = false
|
|
}
|
|
}
|
|
case mounttypes.TypeBind:
|
|
mp.Source = clean(convertSlash(cfg.Source))
|
|
if cfg.BindOptions != nil && len(cfg.BindOptions.Propagation) > 0 {
|
|
mp.Propagation = cfg.BindOptions.Propagation
|
|
} else {
|
|
// If user did not specify a propagation mode, get
|
|
// default propagation mode.
|
|
mp.Propagation = DefaultPropagationMode
|
|
}
|
|
case mounttypes.TypeTmpfs:
|
|
// NOP
|
|
}
|
|
return mp, nil
|
|
}
|
|
|
|
func errInvalidMode(mode string) error {
|
|
return fmt.Errorf("invalid mode: %v", mode)
|
|
}
|
|
|
|
func errInvalidSpec(spec string) error {
|
|
return fmt.Errorf("invalid volume specification: '%s'", spec)
|
|
}
|