aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2025-12-19 07:14:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

runtime: fix virtiofsd RO volume sharing

Browse Source 
Right now we rely heavily on mount propagation to share host
files/directories to the guest. However, because virtiofsd
pivots and moves itself to a separate mount namespace, the remount
mount is not present in virtiofsd's mount. And it causes guest to be
able to write to the host RO volume.

To fix it, create a private RO mount and then move it to the host mounts
dir so that it will be present readonly in the host-guest shared dir.

Fixes: #1552
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Peng Tao
2021-03-12 16:25:35 +08:00
parent b9489e6c6e
commit e34924488b
3 changed files with 71 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/runtime/virtcontainers/container.go
View File

@@ -472,18 +472,36 @@ func (c *Container) shareFiles(ctx context.Context, m Mount, idx int, hostShared
} else {
// These mounts are created in the shared dir
mountDest := filepath.Join(hostMountDir, filename)
if err := bindMount(ctx, m.Source, mountDest, m.ReadOnly, "private"); err != nil {
return "", false, err
if !m.ReadOnly {
if err := bindMount(c.ctx, m.Source, mountDest, false, "private"); err != nil {
return "", false, err
}
} else {
// For RO mounts, bindmount remount event is not propagated to mount subtrees,
// and it doesn't present in the virtiofsd standalone mount namespace either.
// So we end up a bit tricky:
// 1. make a private bind mount to the mount source
// 2. make another ro bind mount on the private mount
// 3. move the ro bind mount to mountDest
// 4. umount the private bind mount created in step 1
privateDest := filepath.Join(getPrivatePath(c.sandboxID), filename)
if err := bindMount(c.ctx, m.Source, privateDest, false, "private"); err != nil {
return "", false, err
}
defer func() {
syscall.Unmount(privateDest, syscall.MNT_DETACH|UmountNoFollow)
}()
if err := bindMount(c.ctx, privateDest, privateDest, true, "private"); err != nil {
return "", false, err
}
if err := moveMount(c.ctx, privateDest, mountDest); err != nil {
return "", false, err
}
syscall.Unmount(privateDest, syscall.MNT_DETACH|UmountNoFollow)
}
// Save HostPath mount value into the mount list of the container.
c.mounts[idx].HostPath = mountDest
// bindmount remount event is not propagated to mount subtrees, so we have to remount the shared dir mountpoint directly.
if m.ReadOnly {
mountDest = filepath.Join(hostSharedDir, filename)
if err := remountRo(c.ctx, mountDest); err != nil {
return "", false, err
}
}
}
return guestDest, false, nil