Skip to content

oci: Use WithReadonlyTempMount when adding users/groups #8351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dmcgowan merged 1 commit into from
Apr 5, 2023
Merged

oci: Use WithReadonlyTempMount when adding users/groups #8351

dmcgowan merged 1 commit into from
Apr 5, 2023

Conversation

@rumpl
Copy link
Member

@rumpl rumpl commented Apr 5, 2023
edited
Loading

The #8259 change added a new WithReadonlyTempMount that will force the mount to be readonly.

This change removes the tryReadonlyMounts and uses that function.

Relates to #8259
Related: rumpl/moby#92 and moby/moby#45267

Note: once this PR is good to go I will backport these to 1.6 and 1.7, this is needed for moby's migration to the containerd image store and moby uses 1.6.x

@rumpl rumpl mentioned this pull request Apr 5, 2023
Merged
thaJeztah
thaJeztah approved these changes Apr 5, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah added cherry-pick/1.6.x cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch labels Apr 5, 2023
@thaJeztah
Copy link
Member

thaJeztah commented Apr 5, 2023
edited
Loading

I added cherry-pick labels for this, as it reduces the risk of code diverging (and the new code should do exactly the same, so should be "safe" to take). Of course that's my $0.02 (but there's still review on backports to decide on such things)

@thaJeztah
Copy link
Member

thaJeztah commented Apr 5, 2023

derp; new code isn't doing the same, but actually fixing the overlay mounts (updated my previous comment)

@dmcgowan dmcgowan merged commit 2503bef into containerd:main Apr 5, 2023
This was referenced Apr 5, 2023
Merged
Merged
@thaJeztah
Copy link
Member

thaJeztah commented Apr 5, 2023

backports;

@thaJeztah thaJeztah added cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch and removed cherry-pick/1.6.x cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch labels Apr 5, 2023
fuweid
fuweid reviewed Apr 7, 2023
View reviewed changes
oci/spec_opts.go
// tryReadonlyMounts is used by the options which are trying to get user/group
// information from container's rootfs. Since the option does read operation
// only, this helper will append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
Copy link
Member

@fuweid fuweid Apr 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep the comments here to know why we use readonly mount .... no just remove it

Copy link
Member

@thaJeztah thaJeztah Apr 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was referenced Apr 15, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@fuweid fuweid fuweid left review comments

@dmcgowan dmcgowan dmcgowan approved these changes

@estesp estesp estesp approved these changes

Assignees

No one assigned

Labels

cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rumpl @thaJeztah @dmcgowan @estesp @fuweid