Description
First, run a container with -v /var/run:/var/run:rslave OR -v /var/lib:/home/test. Then use the docker cp command to copy any file into this container. Afterwards, the number of mountpoints in this container has increased.
In this case, if I run docker cp many times, the number of mountpoints can rise to 50000 (the default limit of the system is 100000), and then I cannot use docker cp to copy anything into this container. The docker daemon returns an error with 'no space left on device'.
Trigger conditions:
1. There are child mountpoints in the '-v' directory
2. "-v" specifies the rslave/rshared propagation mode, OR "-v" mounts the docker root directory or its parent or child directories
3. The docker cp command is used
Steps to reproduce the issue:
1. docker run --name mount-test -id -v /var/run:/var/run:rslave busybox sh
2. docker exec -it mount-test cat /proc/self/mountinfo | wc -l
3. docker cp xxx mount-test:/
4. docker exec -it mount-test cat /proc/self/mountinfo | wc -l
We can see the number of mountpoints in this container has been increased.
Describe the results you received:
The first exec command results: 35
The second exec command results: 41
Describe the results you expected:
The first exec command results: 35
The second exec command results: 35
Additional information you deem important (e.g. issue happens only occasionally):
The issue happens inevitably.
Conditions:
1. There are child mountpoints in the '-v' directory
2. "-v" specifies the rslave/rshared propagation mode, OR "-v" mounts the docker root directory or its parent or child directories
3. The docker cp command is used
Output of docker version:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.0-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 20.10.13
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux nvidia runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
seccomp
Profile: default
selinux
Kernel Version: 3.10.0-693.21.1.el7.x86_64
Operating System: centos 7
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.701GiB
Name: centos 7
ID: SA7Y:LUL7:K57J:DWEF:C3CG:MAJ5:PXEW:O6ZF:TAES:ZL32:KK7A:WISP
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 24
Goroutines: 34
System Time: 2022-03-17T16:39:21.978475641+08:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
0.0.0.0/0
::/0
127.0.0.0/8
Registry Mirrors:
Live Restore Enabled: false
Output of docker info:
Client: Docker Engine - Community
Version: 20.10.13
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 10 14:09:51 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.13
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 906f57f
Built: Thu Mar 10 14:08:16 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.10
GitCommit: 2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Additional environment details (AWS, VirtualBox, physical, etc.):
both VirtualBox and physical, centos 7/centos 8/ubuntu 20.04
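
To see which entries account for the extra mountpoints rather than only their count, the following added example (not part of the original report and not Docker's own code) diffs two /proc/self/mountinfo snapshots, such as the output of steps 2 and 4 without `| wc -l`, and estimates how many more copies fit under the limit. The snapshots are constructed, the function names are illustrative, and `MOUNT_LIMIT` assumes the 100000 figure quoted in the report.

```python
import re
from collections import Counter

MOUNT_LIMIT = 100000  # figure quoted in the report; adjust for your host

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as octal (\040 etc.)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """One (mount_point, root, dev, fs_type, propagation) tuple per mount line."""
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")  # "-" ends the optional fields
        fields = left.split()
        if not sep or len(fields) < 6 or not right.split():
            continue  # blank or malformed line
        dev, root, mount_point = fields[2:5]
        # optional fields look like "shared:N" / "master:N"; none means private
        propagation = tuple(sorted(f.split(":")[0] for f in fields[6:])) or ("private",)
        mounts.append((_unescape(mount_point), _unescape(root), dev,
                       right.split()[0], propagation))
    return mounts

def diff_mounts(before_text, after_text):
    """Counter of mounts that appear more often in 'after' than in 'before'."""
    return Counter(parse_mountinfo(after_text)) - Counter(parse_mountinfo(before_text))

def copies_until_limit(before_text, after_text, limit=MOUNT_LIMIT):
    """How many more identical copies fit under the limit; None if no growth."""
    n_after = len(parse_mountinfo(after_text))
    growth = n_after - len(parse_mountinfo(before_text))
    return (limit - n_after) // growth if growth > 0 else None

# Constructed snapshots (not captured from an affected host).
BEFORE = """\
100 90 0:40 / / rw,relatime - overlay overlay rw
101 100 0:41 / /proc rw,nosuid - proc proc rw
102 100 0:22 / /var/run rw,nosuid master:5 - tmpfs tmpfs rw
103 102 0:23 / /var/run/user/0 rw,nosuid master:6 - tmpfs tmpfs rw
"""
AFTER = BEFORE + """\
120 102 0:23 / /var/run/user/0 rw,nosuid master:6 - tmpfs tmpfs rw
121 100 0:22 / /var/run rw,nosuid master:5 - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    for (mount_point, _root, dev, fs_type, prop), n in diff_mounts(BEFORE, AFTER).items():
        print(f"+{n} {mount_point} ({fs_type}, dev {dev}, {'/'.join(prop)})")
    print("copies until limit:", copies_until_limit(BEFORE, AFTER))
```

Entries that recur with the same mount point, root and device after each copy are the ones to track; a steady per-copy growth makes the remaining headroom a simple division.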