virtcontainers: Do not pass /dev/shm as 9p mount #191
Conversation
|
Unit tests failed I think: Having a look at the docker docs, I think we can treat |
|
@amshinde, @sboeuf, @grahamwhaley - yep, that limitation is recorded in kata-containers/kata-containers#21. |
|
A quick look suggests that |
|
ouch, not passed in the |
|
@grahamwhaley Yes, we need to inspect the mount on the host to find out the size and pass that to the guest. Had created an issue for this in CC long back. |
|
@grahamwhaley Unit tests are failing related to CPU resources for sandbox. Not related to this change. |
|
@amshinde I think this is related also to: kata-containers/tests#203 which enabled unit tests on jenkins. |
|
@chavafg Oh, so we were not running unit tests before that change. I see a similar failure on your other PR : http://kata-jenkins-ci.westus2.cloudapp.azure.com/job/kata-containers-runtime-ubuntu-16-04-PR/163/console @devimc Do you have any input on this? Do you think we should disable those tests till you fix the issue? |
| // We need to treat /dev/shm as a special case. This is passed as a bind mount in the spec, | ||
| // but it does not make sense to pass this as a 9p mount from the host side. | ||
| // This needs to be handled purely in the guest, by allocating memory for this inside the VM. | ||
| if m.Destination == "/dev/shm" { |
There was a problem hiding this comment.
Both runc spec and docker-runc spec creates an OCI spec listing /dev/shm as tmpfs. How did you get the bind mounted /dev/shm in OCI spec?
There was a problem hiding this comment.
@bergwolf
It looks like docker will create a bind mount for "/dev/shm", I just checked config file from docker, it adds this item:
{"destination":"/dev/shm","type":"bind","source":"/var/lib/docker/containers/fc243bca3002a1264072d07086b77970ab9e6a8da9c5143b0af6c0fbb1f2367d/shm","options":["rbind","rprivate"]}
So this change makes sense in this case.
There was a problem hiding this comment.
@WeiZhang555 Are there other files in /dev/ and /sys directory we want to ignore?
There was a problem hiding this comment.
Default mounts are here:
"mounts": [
{
"destination": "/proc",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "proc",
"type": "proc"
},
{
"destination": "/dev",
"options": [
"nosuid",
"strictatime",
"mode=755"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/dev/pts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
],
"source": "devpts",
"type": "devpts"
},
{
"destination": "/sys",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
],
"source": "sysfs",
"type": "sysfs"
},
{
"destination": "/sys/fs/cgroup",
"options": [
"ro",
"nosuid",
"noexec",
"nodev"
],
"source": "cgroup",
"type": "cgroup"
},
{
"destination": "/dev/mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "mqueue",
"type": "mqueue"
},
{
"destination": "/etc/resolv.conf",
"options": [
"rbind",
"rprivate"
],
"source": "/var/lib/docker/containers/fc243bca3002a1264072d07086b77970ab9e6a8da9c5143b0af6c0fbb1f2367d/resolv.conf",
"type": "bind"
},
{
"destination": "/etc/hostname",
"options": [
"rbind",
"rprivate"
],
"source": "/var/lib/docker/containers/fc243bca3002a1264072d07086b77970ab9e6a8da9c5143b0af6c0fbb1f2367d/hostname",
"type": "bind"
},
{
"destination": "/etc/hosts",
"options": [
"rbind",
"rprivate"
],
"source": "/var/lib/docker/containers/fc243bca3002a1264072d07086b77970ab9e6a8da9c5143b0af6c0fbb1f2367d/hosts",
"type": "bind"
},
{
"destination": "/dev/shm",
"options": [
"rbind",
"rprivate"
],
"source": "/var/lib/docker/containers/fc243bca3002a1264072d07086b77970ab9e6a8da9c5143b0af6c0fbb1f2367d/shm",
"type": "bind"
}
],
In this bind mount case, ignoring shm could be enough.
|
lgtm! |
All bind mounts are now passed to the guest with 9p. We need to exclude /dev/shm, as this is passed as a bind mount in the spec. We handle /dev/shm in the guest by allocating memory for it on the guest side. Passing /dev/shm as a 9p mount was causing it to be mounted twice. Fixes kata-containers#190 Signed-off-by: Archana Shinde <[email protected]>
amshinde
force-pushed
the
handle-shm-mount
branch
from
c351b22 to
e96d3ef
Compare
Codecov Report
@@ Coverage Diff @@
## master #191 +/- ##
=========================================
Coverage ? 65.59%
=========================================
Files ? 73
Lines ? 7635
Branches ? 0
=========================================
Hits ? 5008
Misses ? 2085
Partials ? 542
Continue to review full report at Codecov.
|
The statement returning an error in case VmPath is empty is wrong because an Id can be provided instead. This patch fixes this behavior and generates an error only if VmPath and Id are both empty. Fixes kata-containers#191 Signed-off-by: Sebastien Boeuf <[email protected]>
All bind mounts are now passed to the guest with 9p.
We need to exclude /dev/shm, as this is passed as a bind mount
in the spec. We handle /dev/shm in the guest by allocating
memory for it on the guest side. Passing /dev/shm as a 9p mount
was causing it to be mounted twice.
Fixes #190
Signed-off-by: Archana Shinde [email protected]