Skip to content

libnetwork/rootlessnetns: set mount propagation to slave #2431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 1 commit into from
May 12, 2025
Merged

libnetwork/rootlessnetns: set mount propagation to slave #2431

openshift-merge-bot merged 1 commit into from
May 12, 2025

Conversation

@Luap99
Copy link
Member

@Luap99 Luap99 commented Apr 28, 2025
edited by sourcery-ai bot
Loading

We don't want to leak our mounts to the host but we still like to to update mounts/umount events from the host. This is so when a fs is unmounted on the host we don't happen to keep it open in aardvark-dns.

Fixes: containers/podman#25994
Fixes: 4225302 ("libnetwork/rootlessnetns: make mountns tree private")

Summary by Sourcery

Bug Fixes:

  • Fix issue where host filesystem unmount events did not propagate into the rootless network namespace, potentially keeping the underlying device busy.

@sourcery-ai
Copy link

sourcery-ai bot commented Apr 28, 2025
edited
Loading

Reviewer's Guide by Sourcery

This pull request changes the mount propagation for the rootless network namespace from MS_PRIVATE to MS_SLAVE. This allows mount and unmount events from the host to propagate into the namespace, resolving an issue where unmounted file systems on the host could appear busy within the namespace.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Change mount propagation in the rootless network namespace setup.
  • Changed the mount flag from unix.MS_PRIVATE to unix.MS_SLAVE in the unix.Mount call.
  • Updated the comment explaining the reason for using MS_SLAVE.
  • Updated the error message to reflect setting mount propagation to slave.
 libnetwork/internal/rootlessnetns/netns_linux.go
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot approved these changes Apr 28, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @Luap99 - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@Luap99
Copy link
Member Author

Luap99 commented Apr 28, 2025

@giuseppe PTAL, I assume using slave propagation for this is right?

giuseppe
giuseppe approved these changes Apr 28, 2025
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Luap99
libnetwork/rootlessnetns: set mount propagation to slave
066beed 
We don't want to leak our mounts to the host but we still like to to
update mounts/umount events from the host. This is so when a fs is
unmounted on the host we don't happen to keep it open in aardvark-dns.

Fixes: containers/podman#25994
Fixes: 4225302 ("libnetwork/rootlessnetns: make mountns tree private")

Signed-off-by: Paul Holzinger <[email protected]>
@Luap99 Luap99 force-pushed the rootlessnetns-mount branch from ed211d9 to 066beed Compare May 2, 2025 13:02
giuseppe
giuseppe approved these changes May 5, 2025
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 5, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe, Luap99, sourcery-ai[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Luap99
Copy link
Member Author

Luap99 commented May 12, 2025

@mheon PTAL

@mheon
Copy link
Member

mheon commented May 12, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm label May 12, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit 54b9017 into containers:main May 12, 2025
15 checks passed
@Luap99 Luap99 deleted the rootlessnetns-mount branch May 12, 2025 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giuseppe giuseppe giuseppe approved these changes

+1 more reviewer

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mheon mheon

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

aardvark-dns locks mount points

3 participants

@Luap99 @mheon @giuseppe