Skip to content

mount: add BindOptions.NonRecursive (API v1.40)#38003

Merged
thaJeztah merged 1 commit intomoby:masterfrom
AkihiroSuda:non-recursive-bind
Nov 7, 2018
Merged

mount: add BindOptions.NonRecursive (API v1.40)#38003
thaJeztah merged 1 commit intomoby:masterfrom
AkihiroSuda:non-recursive-bind

Conversation

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Oct 10, 2018

This allows non-recursive bind-mount, i.e. mount(2) with "bind" rather than "rbind".

Signed-off-by: Akihiro Suda [email protected]

- What I did

Support non-recursive bind-mount.
Related to #37838 .

- How I did it

  • Added NonRecursive to BindOptions.
  • Bumped up API version to v1.40
  • Swarm-mode will be supported via a separate PR, because of mutual vendoring

- How to verify it

CLI: docker/cli#1430

$ mountpoint /run
/run is a mountpoint
$ docker run --rm --mount type=bind,src=/,target=/host,readonly busybox touch /host/run/compromise_success
$ docker run --rm --mount type=bind,src=/,target=/host,readonly,bind-nonrecursive busybox touch /host/run/compromise_fail
touch: /host/run/compromise_fail: Read-only file system
$ sudo ls /run/compromise_*
/run/compromise_success

- Description for the changelog

mount: add BindOptions.NonRecursive (API v1.40)

- A picture of a cute animal (not mandatory but encouraged)
https://upload.wikimedia.org/wikipedia/commons/2/28/Kaiserpinguine_mit_Jungen.jpg

penguins

@codecov
Copy link

codecov bot commented Oct 10, 2018

Codecov Report

❗ No coverage uploaded for pull request base (master@12bba16). Click here to learn what that means.
The diff coverage is 0%.

@@            Coverage Diff            @@
##             master   #38003   +/-   ##
=========================================
  Coverage          ?   35.92%           
=========================================
  Files             ?      610           
  Lines             ?    45473           
  Branches          ?        0           
=========================================
  Hits              ?    16337           
  Misses            ?    26897           
  Partials          ?     2239

@thaJeztah
Copy link
Member

ping @justincormack @kolyshkin ptal

Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments about the API changes; I'm not too familiar with the actual changes for mounting, so I'll leave that to @cpuguy83 and @kolyshkin

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also mention;

  • GET /containers/<id>/json
  • GET /containers/json

And when swarmkit changes are done;

  • POST /services/create
  • POST /services/{id}/update
  • GET /services
  • GET /services/{id}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does omitempty actually work for a bool (not a pointer)? If not; perhaps we should make it a pointer so that it can be kept empty (and we can distinguish false from not set)

We should also make sure that this option is ignored on older API versions; i.e., if a request is sent to API version < 1.40, the NoRecursive option should be set to nil (or false); similar to

// When using API 1.24 and under, the client is responsible for removing the container
if hostConfig != nil && versions.LessThan(version, "1.25") {
hostConfig.AutoRemove = false
}

Same for createService;

if versions.LessThan(cliVersion, "1.39") {
if service.TaskTemplate.ContainerSpec != nil {
// Sysctls for docker swarm services weren't supported before
// API version 1.39
service.TaskTemplate.ContainerSpec.Sysctls = nil
}
}

And for updateService;

if versions.LessThan(cliVersion, "1.39") {
if service.TaskTemplate.ContainerSpec != nil {
// Sysctls for docker swarm services weren't supported before
// API version 1.39
service.TaskTemplate.ContainerSpec.Sysctls = nil
}
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://play.golang.org/p/gEZoDu7LdG

Does omitempty actually work for a bool (not a pointer)?

Seems yes

@AkihiroSuda
Copy link
Member Author

Updated PR. (Swarm-mode will be separate PR)

@AkihiroSuda
Copy link
Member Author

thanks, rebased

@AkihiroSuda AkihiroSuda changed the title mount: add BindOptions.NoRecursive (API v1.40) mount: add BindOptions.NonRecursive (API v1.40) Oct 31, 2018
@AkihiroSuda
Copy link
Member Author

renamed to NonRecursive

Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @AkihiroSuda - I left some comments.

Erm... (not gonna make myself popular with you 😅) I was just recalling a discussion we had on another PR about options for tmpfs. (this PR: #36720)

Thinking now if we should have a dedicated boolean for this in the API, or take the same approach as was used in that PR.

@AkihiroSuda @cpuguy83 @kolyshkin wdyt?

@thaJeztah thaJeztah added the area/volumes Volumes label Nov 1, 2018
@AkihiroSuda
Copy link
Member Author

Thinking now if we should have a dedicated boolean for this in the API, or take the same approach as was used in that PR.

I feel this PR is really specific to BindOptions

This allows non-recursive bind-mount, i.e. mount(2) with "bind" rather than "rbind".

Swarm-mode will be supported in a separate PR because of mutual vendoring.

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
Copy link
Member Author

updated

}

func TestContainerBindMountNonRecursive(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType != "linux" || testEnv.IsRemoteDaemon())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could probably get rid of the remote daemon check if we do all the mounting in a container with shared propagation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you be more specific? Do you mean DIND?

Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after @cpuguy83's comment https://github.com/moby/moby/pull/38003/files#r231328643 is addressed (but I'd be ok with keeping that for a follow-up)

@cpuguy83
Copy link
Member

cpuguy83 commented Nov 7, 2018

Yeah LGTM as is.
On mobile so I can't merge with failing ci.

@thaJeztah thaJeztah merged commit bd224b5 into moby:master Nov 7, 2018
AkihiroSuda added a commit to AkihiroSuda/swarmkit that referenced this pull request Nov 7, 2018
@AkihiroSuda
Copy link
Member Author

Swarmkit PR: moby/swarmkit#2780

AkihiroSuda added a commit to AkihiroSuda/swarmkit that referenced this pull request Nov 7, 2018
AkihiroSuda added a commit to AkihiroSuda/swarmkit that referenced this pull request Jan 5, 2019
AkihiroSuda added a commit to AkihiroSuda/swarmkit that referenced this pull request Jan 5, 2019
thaJeztah added a commit to thaJeztah/docker that referenced this pull request Feb 1, 2019
Full diff: moby/swarmkit@8af8c42...1a0ebd4

relevant changes:

- swarmkit#2771 Allow using Configs as CredentialSpecs
- swarmkit#2804 Make Service.UpdateStatus non-ambiguous
- swarmkit#2805 Refactor condition in restart supervisor
- swarmkit#2780 api: add BindOptions.NonRecursive
  - related to moby#38003
- swarmkit#2790 Fix possible panic if NetworkConfig is nil
- swarmkit#2797 Include old error-message for backward compatibility
  - related to swarmkit#2779 / moby#38140 / moby#38142

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@AkihiroSuda
Copy link
Member Author

PR for Swarm-mode: #38788

adi-dhulipala pushed a commit to adi-dhulipala/docker that referenced this pull request Apr 11, 2019
Full diff: moby/swarmkit@8af8c42...1a0ebd4

relevant changes:

- swarmkit#2771 Allow using Configs as CredentialSpecs
- swarmkit#2804 Make Service.UpdateStatus non-ambiguous
- swarmkit#2805 Refactor condition in restart supervisor
- swarmkit#2780 api: add BindOptions.NonRecursive
  - related to moby#38003
- swarmkit#2790 Fix possible panic if NetworkConfig is nil
- swarmkit#2797 Include old error-message for backward compatibility
  - related to swarmkit#2779 / moby#38140 / moby#38142

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants