aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-18 13:54:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

runtime: mount direct-assigned block device fs only once

Browse Source 
Mount the direct-assigned block device fs only once and keep a refcount
in the guest. Also use the ro flag inside the options field to determine
whether the block device and filesystem should be mounted as ro

Fixes: #3454

Signed-off-by: Feng Wang <feng.wang@databricks.com>
This commit is contained in:
Feng Wang
2022-02-28 20:44:31 -08:00
parent 27fb490228
commit f905161bbb
4 changed files with 28 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/runtime/virtcontainers/container.go
View File

@@ -626,12 +626,22 @@ func (c *Container) createBlockDevices(ctx context.Context) error {
c.Logger().WithError(err).Error("error writing sandbox info")
}
readonly := false
for _, flag := range mntInfo.Options {
if flag == "ro" {
readonly = true
break
}
}
c.mounts[i].Source = mntInfo.Device
c.mounts[i].Type = mntInfo.FsType
c.mounts[i].Options = mntInfo.Options
c.mounts[i].ReadOnly = readonly
m.Source = mntInfo.Device
m.Type = mntInfo.FsType
m.Options = mntInfo.Options
m.ReadOnly = readonly
}
var stat unix.Stat_t

12
src/runtime/virtcontainers/kata_agent.go
View File

@@ -6,6 +6,7 @@
package virtcontainers
import (
b64 "encoding/base64"
"encoding/json"
"errors"
"fmt"
@@ -1545,11 +1546,14 @@ func (k *kataAgent) handleBlkOCIMounts(c *Container, spec *specs.Spec) ([]*grpc.
return nil, err
}
// The device will be mounted at a unique location within the VM. Mounting
// Each device will be mounted at a unique location within the VM only once. Mounting
// to the container specific location is handled within the OCI spec. Let's ensure that
// the storage mount point is unique, and that this is utilized as the source in the OCI
// spec.
filename := fmt.Sprintf("%s-%s", uuid.Generate().String(), filepath.Base(vol.MountPoint))
// the storage mount point is unique for each device. This is then utilized as the source
// in the OCI spec. If multiple containers mount the same block device, it's refcounted inside
// the guest by Kata agent.
filename := b64.StdEncoding.EncodeToString([]byte(vol.Source))
// Make the base64 encoding path safe.
filename = strings.ReplaceAll(filename, "/", "_")
path := filepath.Join(kataGuestSandboxStorageDir(), filename)
// Update applicable OCI mount source