Skip to content

Make the temp mount as ready only in container WithVolumes#6593

Merged
fuweid merged 1 commit intocontainerd:mainfrom
qiutongs:improve-container-mount
Mar 17, 2022
Merged

Make the temp mount as ready only in container WithVolumes#6593
fuweid merged 1 commit intocontainerd:mainfrom
qiutongs:improve-container-mount

Conversation

@qiutongs
Copy link
Copy Markdown
Contributor

@qiutongs qiutongs commented Feb 26, 2022

Signed-off-by: Qiutong Song [email protected]

Inspired by #6478

This improves the WithVolumes by making the temporary mount as read only. The mount is only used to copy files to image volume. Read-only mount will prevent linux kernel from syncing whole filesystem in umount syscall.

@k8s-ci-robot
Copy link
Copy Markdown

k8s-ci-robot commented Feb 26, 2022

Hi @qiutongs. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@qiutongs
Copy link
Copy Markdown
Contributor Author

qiutongs commented Feb 26, 2022

/assign fuweid ruiwen-zhao Random-Liu

@k8s-ci-robot
Copy link
Copy Markdown

k8s-ci-robot commented Feb 26, 2022

@qiutongs: GitHub didn't allow me to assign the following users: ruiwen-zhao.

Note that only containerd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

Details

In response to this:

/assign fuweid ruiwen-zhao Random-Liu

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@qiutongs
Copy link
Copy Markdown
Contributor Author

qiutongs commented Feb 26, 2022
edited
Loading

/cc ruiwen-zhao

qiutongs
qiutongs commented Feb 26, 2022
View reviewed changes
Comment thread pkg/cri/opts/container.go
}
// Since only read is needed, append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
if len(mounts) == 1 && mounts[0].Type == "overlay" {
Copy link
Copy Markdown
Contributor Author

@qiutongs qiutongs Feb 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am thinking to define this as a util function so that it can be used by everyone. Thus we don't need to copy code from #6478. But I am not sure what a good place is. Any suggestion is welcomed.

@theopenlab-ci
Copy link
Copy Markdown

theopenlab-ci Bot commented Feb 26, 2022

Build succeeded.

@fuweid fuweid merged commit d979767 into containerd:main Mar 17, 2022
This was referenced Mar 24, 2022
Merged
Merged
@thaJeztah thaJeztah added cherry-picked/1.5.x PR commits are cherry-picked into release/1.5 branch cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch and removed cherry-pick/1.5.x labels Mar 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@fuweid fuweid fuweid approved these changes

Assignees

@Random-Liu Random-Liu

@fuweid fuweid

Labels

cherry-picked/1.5.x PR commits are cherry-picked into release/1.5 branch cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@qiutongs @k8s-ci-robot @dmcgowan @fuweid @estesp @thaJeztah @Random-Liu