I think the integration test in integration/container/mounts_linux_test.go would read better using assertions, but followed the existing style on the file.

I can add a commit to use assertions for all the tests in integration/container/mounts_linux_test.go if that is a better option.

needs a rebase

Is changing tmpfs to use noexec by default breaking?

I concur @thaJeztah idea to have a more generic way to pass options to tmpfs rather than implementing a specific option for exec. The options specified should be validated against a whitelist.

We have to figure which options to allow but let's at least include exec and noexec, but maybe others that are valid for tmpfs (see man 8 mount and the comment in

We can add nr_inodes and mpol to the whitelist.

Options such as uid and gid might not work well in a cluster environment so they should probably not be added at this time.

Options nr_blocks and size should not be added, as they are already handled.

@adshmh would you wish to work on that?

@kolyshkin Sure, I can update the PR.

Is the following correct regarding the requirements?

• Allow a more generic way of passing options to tmpfs (perhaps a string)
• A white list for the allowed options
• Currently allow: exec, noexec, nr_inodes and mpol

Allow a more generic way of passing options to tmpfs (perhaps a string)

From a CLI /UX perspective, this could use the same as docker volume create --opt foo=bar --opt bar=baz

A white list for the allowed options

Yes; we discussed this, and generally it's easier to add more options later than removing an option (as that would be a breaking change), so for that reason, we prefer a whitelist.

nr_inodes and mpol

I'm not against adding them, just wondering how common they are (i.e. should we add those now, or add them once we see a need); @kolyshkin ?

Codecov Report

❗ No coverage uploaded for pull request base (master@5c152ea). Click here to learn what that means.
The diff coverage is 86.66%.

@@            Coverage Diff            @@
##             master   #36720   +/-   ##
=========================================
  Coverage          ?   36.61%           
=========================================
  Files             ?      608           
  Lines             ?    45055           
  Branches          ?        0           
=========================================
  Hits              ?    16496           
  Misses            ?    26279           
  Partials          ?     2280

Discussing in the maintainers meeting with @kolyshkin @cpuguy83, and having these options as a string should be ok for now; no reason to make it more complicated. Moving this to code review

This also needs a PR in swarmkit to make the required changes there

Thank you for the review. I will submit PRs on swarmkit and docker/cli.

@adshmh this one needs to be rebased

@olljanat thanks for the reminder. I will rebase the PR.

reserved for my derek commands)

What's the status on this?

Using docker for CI/CD that requires lots of unpacking, build, throw-away is about 10 times faster with proper use of tmpfs, and this almost always requires a tmpfs mounted with -o exec.

What is needed to get this thing out of the door? I mean, it has been what, two years that this is languishing ?

At least this needs to be rebased

Needs another rebase.
LGTM if CI green

@adshmh Any updates?