daemon: remove setMayDetachMounts (set may_detach_mounts=1 on startup)

thaJeztah · thaJeztah · commit 6d0b508699f3 · 2024-07-22T21:51:23.000+02:00
This function was added in 83c2152 to automatically set `/proc/sys/fs/may_detach_mounts=1` on startup. This is a kernel config available in RHEL7.4 based kernels that enables mountpoint removal where the mountpoint exists in other namespaces. This setting is the default, and non-configurable, on upstream kernels since 3.15. As this option was only supported in RHEL 7.x systems, which reached EOL, we can remove this code, as it's not doing anything on current kernels. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/daemon/daemon.go b/daemon/daemon.go
@@ -857,9 +857,6 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		return nil, err
 	}
 	rootIDs := idMapping.RootPair()
-	if err := setMayDetachMounts(); err != nil {
-		log.G(ctx).WithError(err).Warn("Could not set may_detach_mounts kernel parameter")
-	}
 
 	// set up the tmpDir to use a canonical path
 	tmp, err := prepareTempDir(config.Root)
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
@@ -18,7 +18,6 @@ import (
 	"time"
 
 	"github.com/containerd/cgroups/v3"
-	"github.com/containerd/containerd/pkg/userns"
 	"github.com/containerd/log"
 	"github.com/docker/docker/api/types/blkiodev"
 	pblkiodev "github.com/docker/docker/api/types/blkiodev"
@@ -1403,35 +1402,6 @@ func (daemon *Daemon) setDefaultIsolation(*config.Config) error {
 	return nil
 }
 
-// This is used to allow removal of mountpoints that may be mounted in other
-// namespaces on RHEL based kernels starting from RHEL 7.4.
-// Without this setting, removals on these RHEL based kernels may fail with
-// "device or resource busy".
-// This setting is not available in upstream kernels as it is not configurable,
-// but has been in the upstream kernels since 3.15.
-func setMayDetachMounts() error {
-	f, err := os.OpenFile("/proc/sys/fs/may_detach_mounts", os.O_WRONLY, 0)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return errors.Wrap(err, "error opening may_detach_mounts kernel config file")
-	}
-	defer f.Close()
-
-	_, err = f.WriteString("1")
-	if os.IsPermission(err) {
-		// Setting may_detach_mounts does not work in an
-		// unprivileged container. Ignore the error, but log
-		// it if we appear not to be in that situation.
-		if !userns.RunningInUserNS() {
-			log.G(context.TODO()).Debugf("Permission denied writing %q to /proc/sys/fs/may_detach_mounts", "1")
-		}
-		return nil
-	}
-	return err
-}
-
 func (daemon *Daemon) initCPURtController(cfg *config.Config, mnt, path string) error {
 	if path == "/" || path == "." {
 		return nil
diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go
@@ -545,10 +545,6 @@ func (daemon *Daemon) setDefaultIsolation(config *config.Config) error {
 	return nil
 }
 
-func setMayDetachMounts() error {
-	return nil
-}
-
 func (daemon *Daemon) setupSeccompProfile(*config.Config) error {
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -857,9 +857,6 @@ func NewDaemon(ctx context.Context, config config.Config, pluginStore plugin.S`
`857`	`857`	`return nil, err`
`858`	`858`	`}`
`859`	`859`	`rootIDs := idMapping.RootPair()`
`860`		`- if err := setMayDetachMounts(); err != nil {`
`861`		`- log.G(ctx).WithError(err).Warn("Could not set may_detach_mounts kernel parameter")`
`862`		`- }`
`863`	`860`
`864`	`861`	`// set up the tmpDir to use a canonical path`
`865`	`862`	`tmp, err := prepareTempDir(config.Root)`
Original file line number	Diff line number	Diff line change
`@@ -545,10 +545,6 @@ func (daemon Daemon) setDefaultIsolation(config config.Config) error {`
`545`	`545`	`return nil`
`546`	`546`	`}`
`547`	`547`
`548`		`-func setMayDetachMounts() error {`
`549`		`- return nil`
`550`		`-}`
`551`		`-`
`552`	`548`	`func (daemon Daemon) setupSeccompProfile(config.Config) error {`
`553`	`549`	`return nil`
`554`	`550`	`}`