Description
The masking of /sys/dev/block was added in 0334b6195820f7261f87a4f4e5d739a6d560f4b2 which constrained the previous /sys/dev masking.
The contents of this filesystem (at least on 5.15.7-200.fc35) are as follows: a bunch of symlinks.
```
$ ls -la /sys/dev/block
total 0
drwxr-xr-x. 2 root root 0 Dec 26 17:36 .
drwxr-xr-x. 4 root root 0 Dec 26 17:36 ..
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 252:0 -> ../../devices/virtual/block/zram0
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:0 -> ../../devices/virtual/block/dm-0
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:1 -> ../../devices/virtual/block/dm-1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:2 -> ../../devices/virtual/block/dm-2
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:3 -> ../../devices/virtual/block/dm-3
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:0 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:1 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:2 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p2
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:3 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p3
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:0 -> ../../devices/virtual/block/loop0
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:1 -> ../../devices/virtual/block/loop1
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:2 -> ../../devices/virtual/block/loop2
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:3 -> ../../devices/virtual/block/loop3
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:4 -> ../../devices/virtual/block/loop4
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:5 -> ../../devices/virtual/block/loop5
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:6 -> ../../devices/virtual/block/loop6
```
The locations where these symlinks point to are still accessible in the container:
```
$ podman run --rm -ti bash
bash-5.1# uname -a
Linux ef43af629ac1 5.15.7-200.fc35.x86_64 #1 SMP Wed Dec 8 19:00:47 UTC 2021 x86_64 Linux
bash-5.1# ls -lad /sys/devices/pci0000\:00/0000\:00\:1d.4/0000\:07\:00.0/nvme/nvme0/nvme0n1/ /sys/devices/virtual/block/
drwxr-xr-x 12 nobody nobody 0 Jan 5 03:48 /sys/devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/
drwxr-xr-x 14 nobody nobody 0 Jan 5 03:39 /sys/devices/virtual/block/
```
The reason this information is useful is that MariaDB uses the major/minor device numbers and follows this path to find the physical size of the blocks used for O_DIRECT calls - https://github.com/MariaDB/server/blob/385842e15bbd51ad6cad9cf3bfb69d93d0c36921/storage/innobase/os/os0file.cc#L1319-L1325.
As a feature request:
- Don't mask /sys/dev/block - it isn't hiding anything and is useful
- Before you mask /sys/devices, please only block the ones that aren't volume mounted within the container.
Another discussion found: https://bugzilla.redhat.com/show_bug.cgi?id=1884283
Note: the manual of podman-run doesn't list this masking.
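The lookup described above (major:minor of a file's device, then the `/sys/dev/block` symlink, then a block-size attribute), shown as an added example that is not part of the original issue and is neither MariaDB's nor Podman's code. Assumptions: the attribute read is `queue/physical_block_size`, the fallback is 512 bytes, masking is modelled as an empty `dev/block` directory, and `make_fake_sysfs` and the `fake0` device are constructed for the demonstration.

```python
import os
import tempfile


def physical_block_size(path, sysfs_root="/sys", fallback=512):
    """Return (size, sysfs_file) for the block device backing `path`.

    sysfs_file is None when the lookup failed and `fallback` was used,
    which is the outcome when dev/block is masked inside a container.
    """
    st = os.stat(path)
    dev = f"{os.major(st.st_dev)}:{os.minor(st.st_dev)}"
    base = os.path.join(sysfs_root, "dev", "block", dev)
    # A whole disk has queue/ directly; a partition uses its parent disk's.
    for rel in ("queue/physical_block_size", "../queue/physical_block_size"):
        candidate = os.path.join(base, rel)
        try:
            with open(candidate) as f:
                size = int(f.read().strip())
        except (OSError, ValueError):
            continue
        # Sanity check: accept only a power of two of at least 512 bytes.
        if size >= 512 and size & (size - 1) == 0:
            return size, candidate
    return fallback, None


def make_fake_sysfs(root, path, size, masked=False):
    """Constructed sysfs tree presenting `path` as a partition of 'fake0'."""
    st = os.stat(path)
    dev = f"{os.major(st.st_dev)}:{os.minor(st.st_dev)}"
    disk = os.path.join(root, "devices", "virtual", "block", "fake0")
    os.makedirs(os.path.join(disk, "queue"))
    os.makedirs(os.path.join(disk, "fake0p1"))
    with open(os.path.join(disk, "queue", "physical_block_size"), "w") as f:
        f.write(f"{size}\n")
    os.makedirs(os.path.join(root, "dev", "block"))
    if not masked:  # assumption: a masked directory appears empty
        os.symlink("../../devices/virtual/block/fake0/fake0p1",
                   os.path.join(root, "dev", "block", dev))


if __name__ == "__main__":
    print("real /sys:", physical_block_size("/"))
    for masked in (False, True):
        with tempfile.TemporaryDirectory() as root:
            make_fake_sysfs(root, root, 4096, masked)
            print("masked" if masked else "visible", physical_block_size(root, root))
```

In the masked case the target under `devices/` still exists, but without the `dev/block` symlink the caller has no way to map a device number to it and ends up with the fallback size.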