!1 iSulad-lxcfs-toolkit: remount lxcfs cgroup path readonly in container
Merge pull request !1 from openEuler-iSula/master
commit
186fee3b59
@ -4,7 +4,7 @@
|
|||||||
#Basic Information
|
#Basic Information
|
||||||
Name: isulad-lxcfs-toolkit
|
Name: isulad-lxcfs-toolkit
|
||||||
Version: 0.3
|
Version: 0.3
|
||||||
Release: 14
|
Release: 15
|
||||||
Summary: toolkit for lxcfs to remount a running isulad
|
Summary: toolkit for lxcfs to remount a running isulad
|
||||||
License: Mulan PSL v1
|
License: Mulan PSL v1
|
||||||
Source0: %{name}.tar.gz
|
Source0: %{name}.tar.gz
|
||||||
|
|||||||
@ -50,7 +50,7 @@ func prestartMountHook(pid int, rootfs string) error {
|
|||||||
valueMountPaths = append(valueMountPaths, fmt.Sprintf("/var/lib/lxc/lxcfs/proc/%s", value.Name()))
|
valueMountPaths = append(valueMountPaths, fmt.Sprintf("/var/lib/lxc/lxcfs/proc/%s", value.Name()))
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := libmount.NsExecMount(strconv.Itoa(pid), valueMountPaths, valuePaths); err != nil {
|
if err := libmount.NsExecMount(strconv.Itoa(pid), rootfs, valueMountPaths, valuePaths); err != nil {
|
||||||
isulad_lxcfs_log.Errorf("mount %v into container error: %v", valueMountPaths, err)
|
isulad_lxcfs_log.Errorf("mount %v into container error: %v", valueMountPaths, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@ -25,6 +25,10 @@ import (
|
|||||||
"github.com/docker/docker/pkg/reexec"
|
"github.com/docker/docker/pkg/reexec"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
lxcfsPath = "/var/lib/lxc/lxcfs/cgroup"
|
||||||
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
reexec.Register(nsexec.NsEnterReexecName, WorkInContainer)
|
reexec.Register(nsexec.NsEnterReexecName, WorkInContainer)
|
||||||
}
|
}
|
||||||
@ -94,6 +98,14 @@ func doMount(pipe *os.File) error {
|
|||||||
if err := json.NewDecoder(pipe).Decode(&mount); err != nil {
|
if err := json.NewDecoder(pipe).Decode(&mount); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// remount lxcfs cgroup path readonly
|
||||||
|
if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND, ""); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
for i := 0; i < len(mount.SrcPaths) && i < len(mount.DestPaths); i++ {
|
for i := 0; i < len(mount.SrcPaths) && i < len(mount.DestPaths); i++ {
|
||||||
if err := syscall.Mount(mount.SrcPaths[i], mount.DestPaths[i], "none", syscall.MS_BIND, ""); err != nil {
|
if err := syscall.Mount(mount.SrcPaths[i], mount.DestPaths[i], "none", syscall.MS_BIND, ""); err != nil {
|
||||||
return err
|
return err
|
||||||
@ -114,5 +126,10 @@ func doUmount(pipe *os.File) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if err := syscall.Unmount(lxcfsPath, 0); err != nil {
|
||||||
|
if !strings.Contains(err.Error(), "invalid argument") {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
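Review bot: In doMount, the read-only remount passes only `syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY`, and a bind remount replaces the per-mount flags, so any nosuid/nodev/noexec that the new bind inherited from its parent mount would be cleared; reading the current mount flags and OR-ing them into the remount call keeps them. The target `mount.Rootfs+lxcfsPath` is built by plain concatenation and resolved as-is, so it is worth confirming that nothing writable from inside the container (for example a symlink on that path) can change where the read-only mount lands. In doUmount, matching `err.Error()` against "invalid argument" is fragile; `syscall.Unmount` returns a `syscall.Errno`, so `if err != syscall.EINVAL { return err }` states the intent directly. Both function bodies start outside the hunks shown.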
|
|||||||
@ -18,9 +18,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// NsExecMount exec mount in container namespace
|
// NsExecMount exec mount in container namespace
|
||||||
func NsExecMount(pid string, srcPaths []string, destPaths []string) error {
|
func NsExecMount(pid string, rootfs string, srcPaths []string, destPaths []string) error {
|
||||||
driver := nsexec.NewDefaultNsDriver()
|
driver := nsexec.NewDefaultNsDriver()
|
||||||
mount := &nsexec.Mount{}
|
mount := &nsexec.Mount{
|
||||||
|
Rootfs: rootfs,
|
||||||
|
}
|
||||||
for i := 0; i < len(srcPaths) && i < len(destPaths); i++ {
|
for i := 0; i < len(srcPaths) && i < len(destPaths); i++ {
|
||||||
mount.SrcPaths = append(mount.SrcPaths, srcPaths[i])
|
mount.SrcPaths = append(mount.SrcPaths, srcPaths[i])
|
||||||
mount.DestPaths = append(mount.DestPaths, destPaths[i])
|
mount.DestPaths = append(mount.DestPaths, destPaths[i])
|
||||||
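Review bot: The doc comment on NsExecMount still reads only "exec mount in container namespace" and says nothing about the new `rootfs` parameter, which the two callers on this page use differently: prestartMountHook passes the container rootfs, while remountToContainer passes `""`. A line such as `// rootfs is prefixed to the lxcfs cgroup path that doMount remounts read-only; pass "" when paths are already relative to the container's root.` would record that contract for the next caller. This reading is inferred from the call sites, and the function body continues past the end of the hunk.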
|
|||||||
@ -41,6 +41,7 @@ const (
|
|||||||
|
|
||||||
// Mount is mount argument
|
// Mount is mount argument
|
||||||
type Mount struct {
|
type Mount struct {
|
||||||
|
Rootfs string
|
||||||
SrcPaths []string
|
SrcPaths []string
|
||||||
DestPaths []string
|
DestPaths []string
|
||||||
}
|
}
|
||||||
|
|||||||
@ -247,7 +247,7 @@ func remountToContainer(initMountns, initUserns, containerid string, pid string,
|
|||||||
isulad_lxcfs_log.Errorf("unmount %v for container error: %v", valuePaths, err)
|
isulad_lxcfs_log.Errorf("unmount %v for container error: %v", valuePaths, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := libmount.NsExecMount(pid, valueMountPaths, valuePaths); err != nil {
|
if err := libmount.NsExecMount(pid, "", valueMountPaths, valuePaths); err != nil {
|
||||||
isulad_lxcfs_log.Errorf("mount %v into container %s error: %v", valueMountPaths, containerid, err)
|
isulad_lxcfs_log.Errorf("mount %v into container %s error: %v", valueMountPaths, containerid, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||