Skip to content

config-linux: Clarify where device nodes can be created#1148

Merged
AkihiroSuda merged 1 commit intoopencontainers:mainfrom
c3d:issue/1147-device-location
Feb 15, 2023
Merged

config-linux: Clarify where device nodes can be created#1148
AkihiroSuda merged 1 commit intoopencontainers:mainfrom
c3d:issue/1147-device-location

Conversation

@c3d
Copy link
Contributor

@c3d c3d commented May 3, 2022

Clarify that device nodes need not be under /dev, but that the runtime need to
be informed of all the device nodes that are used by the
container.

Virtual-machine based runtimes such as Kata Containers need to be able to
perform adjustment on device nodes, and cannot be required to deep-scan
file-systems to do so.

The proposed wording was chosen to avoid any regression for any workload
mounding nodes elsewhere, while at the same time clarifying that correct
behaviour cannot be guaranteed if a device node is created on the host and used
by the container without being passed in the devices list.

This fixes issue #1147.

Signed-off-by: Christophe de Dinechin [email protected]

@c3d c3d force-pushed the issue/1147-device-location branch from e59594d to 78c1161 Compare May 3, 2022 10:43
@c3d
Copy link
Contributor Author

c3d commented May 3, 2022

A relevant issue in OpenShift sandboxed containers can be found here

giuseppe
giuseppe reviewed May 3, 2022
View reviewed changes
@c3d c3d force-pushed the issue/1147-device-location branch from 78c1161 to 30370e6 Compare May 5, 2022 09:05
giuseppe
giuseppe approved these changes May 5, 2022
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

TomSweeneyRedHat
TomSweeneyRedHat reviewed May 5, 2022
View reviewed changes
Copy link

@TomSweeneyRedHat TomSweeneyRedHat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@c3d
Copy link
Contributor Author

c3d commented May 23, 2022

@TomSweeneyRedHat If this looks good to you, could you please change the status of your review to match?

@c3d
Copy link
Contributor Author

c3d commented Jun 29, 2022
edited
Loading

Ping?
Here is a new instance of the problem

@c3d c3d mentioned this pull request Jun 29, 2022
Closed
AkihiroSuda
AkihiroSuda reviewed Aug 10, 2022
View reviewed changes
config-linux.md Outdated
The same `type`, `major` and `minor` SHOULD NOT be used for multiple devices.

Containers MAY NOT access any device node that is not explicitly referenced in
the **`devices`** array. Rationale: runtimes based on virtual machines need to
Copy link
Member

@AkihiroSuda AkihiroSuda Aug 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conflicts with the configLinuxDefaultDevices section

Copy link
Contributor Author

@c3d c3d Aug 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AkihiroSuda Good point. Reworded to indicate this.

AkihiroSuda
AkihiroSuda requested changes Aug 10, 2022
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems inconsistent with the configLinuxDefaultDevices section

@c3d
config-linux: Clarify where device nodes can be created
3565df5 
Clarify that device nodes need not be under `/dev`, but that the runtimes need
to be informed of all the device nodes that are used by the container.

Virtual-machine based runtimes such as Kata Containers need to be able to
perform adjustment on device nodes, and cannot be required to deep-scan
file-systems to do so.

The proposed wording was chosen to avoid any regression for any workload
mounding nodes elsewhere, while at the same time clarifying that correct
behaviour cannot be guaranteed if a device node is created on the host and used
by the container without being passed in the devices list.

This fixes issue opencontainers#1147.

Signed-off-by: Christophe de Dinechin <[email protected]>
@c3d c3d force-pushed the issue/1147-device-location branch from 30370e6 to 3565df5 Compare August 10, 2022 08:25
@AkihiroSuda AkihiroSuda added this to the v1.1.0 milestone Feb 12, 2023
@AkihiroSuda AkihiroSuda merged commit 58ec43f into opencontainers:main Feb 15, 2023
@AkihiroSuda AkihiroSuda mentioned this pull request Mar 28, 2023
Merged
@AkihiroSuda AkihiroSuda mentioned this pull request Jun 26, 2023
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giuseppe giuseppe giuseppe approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@crosbymichael crosbymichael Awaiting requested review from crosbymichael crosbymichael is a code owner

@cyphar cyphar Awaiting requested review from cyphar cyphar is a code owner

@dqminh dqminh Awaiting requested review from dqminh dqminh is a code owner

@hqhq hqhq Awaiting requested review from hqhq hqhq is a code owner

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@tianon tianon Awaiting requested review from tianon tianon is a code owner

@vbatts vbatts Awaiting requested review from vbatts

@kolyshkin kolyshkin Awaiting requested review from kolyshkin kolyshkin is a code owner

+1 more reviewer

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.1.0

Development

Successfully merging this pull request may close these issues.

4 participants

@c3d @giuseppe @AkihiroSuda @TomSweeneyRedHat