runroot: add check that it is on volatile storage #317
Conversation
force-pushed 04ce96b to 6c4cf83
LGTM
vrothberg left a comment:
The logic LGTM but I think we need the check in multiple paths. Maybe we can add an internal (s *store) validate() error func?
force-pushed 6c4cf83 to 4bf47bf
@giuseppe This breaks tests. I think you will need to mount a tmpfs on local storage to get this to pass. I wonder if this will break CI/CD systems when we test also. Should we have a way to ignore this test?
force-pushed 4bf47bf to fc244d6
store.go (outdated)

    if onTmpfs, err := mount.IsOnVolatileStorage(runRoot); err != nil || !onTmpfs {
        if err != nil {
            return errors.Wrapf(err, "cannot check if %s is on tmpfs", runRoot)
        } else {

Nit: No need for the else, just keep the return line.
force-pushed 4a1e4fc to 797c7ad
TomSweeneyRedHat left a comment:

LGTM
CI is not yet happy:
force-pushed 797c7ad to 77a5f90
@giuseppe Could you set up a WIP vendor of this patch into libpod and make sure the CI system passes.
opened here: containers/podman#2976
CI is not running on a tmpfs :^)
This is also going to cause issues with running containers within containers; it will now require that a tmpfs be mounted on /run.
force-pushed 77a5f90 to c566b2f
I've pushed a new version where it is possible to disable this check. I've also updated the WIP PR for podman to set it correctly when the "container" environment variable is set.
force-pushed c566b2f to 6518b34
force-pushed 6518b34 to 20b8545
pkg/mount/mountinfo_linux.go (outdated)

    (11) super options: per super block options*/
    mountinfoFormat = "%d %d %d:%d %s %s %s %s"

    TMPFS_MAGIC = 0x1021994
Should probably reuse github.com/containers/storage/drivers.FsMagicTmpfs and the adjacent GetFSMagic() function here.
should I move these functions to github.com/containers/storage/drivers? Otherwise it introduces an import cycle.
Maybe pkg/util?
Never mind, that does not exist.
Seems to make sense.
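The thread above discusses two pieces of the check without showing them whole: the store-level validation that refuses a runroot that is not on tmpfs (with the opt-out podman uses inside a container), and the /proc/self/mountinfo parsing behind it. The following is an added example written for this page, not code from containers/storage: it parses the mountinfo format, resolves a path to the longest-prefix mount that contains it, and applies the check. Every name in it (parseMountInfo, fsTypeOf, checkRunRootVolatile, the skipCheck flag, and an IsOnVolatileStorage that only shares its name with the PR's function) is this example's own, the sample mount table is constructed, and accepting ramfs alongside tmpfs is a choice of this example rather than of the PR.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Constructed /proc/self/mountinfo sample (not from a real host); "\040" is the kernel's escape for a space.
const sampleMountInfo = `28 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/root rw,attr2,inode64
33 28 0:27 / /run rw,nosuid,nodev shared:5 - tmpfs tmpfs rw,mode=755
40 28 0:30 / /var/lib/containers/storage rw,relatime shared:20 - xfs /dev/mapper/data rw
45 33 0:35 / /run/user/1000 rw,nosuid,nodev,relatime shared:30 - tmpfs tmpfs rw,size=1630960k
50 28 0:40 / /mnt/with\040space rw,relatime shared:40 - ext4 /dev/sdb1 rw
`

// mountInfoEntry keeps the two mountinfo fields the check needs.
type mountInfoEntry struct {
	mountPoint string // field 5, with the kernel's octal escapes decoded
	fsType     string // first field after the lone "-" separator
}

// Filesystems that cannot outlive a reboot. The PR tests only tmpfs;
// accepting ramfs as well is this example's choice.
var volatileFSTypes = map[string]bool{"tmpfs": true, "ramfs": true}

// The kernel escapes space, tab, newline and backslash in mountinfo path
// fields as three-digit octal; decode them before comparing paths.
var mountUnescaper = strings.NewReplacer(`\040`, " ", `\011`, "\t", `\012`, "\n", `\134`, `\`)

// parseMountInfo reads the proc(5) mountinfo format: six fixed fields, zero or
// more optional tags, a lone "-", then fstype, source and super options.
func parseMountInfo(r io.Reader) ([]mountInfoEntry, error) {
	var entries []mountInfoEntry
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		sep := 6 // the separator can only appear after the six fixed fields
		for sep < len(fields) && fields[sep] != "-" {
			sep++
		}
		if sep+1 >= len(fields) {
			return nil, fmt.Errorf("malformed mountinfo line: %q", sc.Text())
		}
		entries = append(entries, mountInfoEntry{mountUnescaper.Replace(fields[4]), fields[sep+1]})
	}
	return entries, sc.Err()
}

// fsTypeOf returns the filesystem type of the mount holding an absolute path: the entry
// whose mount point is the longest prefix of it (a later entry wins a tie, as with an
// over-mount). The path itself need not exist, so this also works before runroot is created.
func fsTypeOf(entries []mountInfoEntry, path string) string {
	path = filepath.Clean(path)
	best, bestType := -1, ""
	for _, e := range entries {
		mp := filepath.Clean(e.mountPoint)
		if (mp == "/" || mp == path || strings.HasPrefix(path, mp+"/")) && len(mp) >= best {
			best, bestType = len(mp), e.fsType
		}
	}
	return bestType
}

// checkRunRootVolatile is the store-level check: fail unless runroot is on volatile storage,
// or the caller opted out (podman does so when the "container" environment variable is set).
func checkRunRootVolatile(entries []mountInfoEntry, runRoot string, skipCheck bool) error {
	if skipCheck {
		return nil
	}
	if t := fsTypeOf(entries, runRoot); !volatileFSTypes[t] {
		return fmt.Errorf("runroot %s is on %q, not on volatile storage", runRoot, t)
	}
	return nil
}

// IsOnVolatileStorage runs the check against the live mount table (Linux only),
// resolving symlinks first so the real location is what gets judged.
func IsOnVolatileStorage(path string) (bool, error) {
	f, err := os.Open("/proc/self/mountinfo")
	if err != nil {
		return false, err
	}
	defer f.Close()
	entries, err := parseMountInfo(f)
	if err != nil {
		return false, err
	}
	if real, err := filepath.EvalSymlinks(path); err == nil {
		path = real
	}
	return volatileFSTypes[fsTypeOf(entries, path)], nil
}
```

Two details matter for the cases raised in the thread. Matching on the longest mount-point prefix, rather than on the mount point alone, is what lets the check pass for a runroot such as /run/containers/storage that is not itself a mount point, and it is why the fsTypeOf comparison uses the prefix with a trailing slash, so /run does not claim /runner. And because a container's /run is whatever its runtime mounted there, the skipCheck opt-out is the only honest answer when the store cannot tell a tmpfs from the host's disk, which is exactly the situation that led to the PR being closed.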
force-pushed 20b8545 to fae4ed4
Make sure the runroot won't persist after a reboot, if it happens then
we can carry wrong information on the current active mounts.

Closes: containers/podman#2150

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
force-pushed fae4ed4 to 3c4f600
LGTM, with one nit: we appear to be checking the location if one is specified in the configuration file, but not if one isn't. If that's intended, then it's fine.
This still concerns me for the buildah inside of a podman container case, or inside of a docker or other container runtime. We need a mechanism to figure out whether we are running inside of a container. Does Docker always set the
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
docker doesn't seem to set that. I am going to close this PR for now, as it probably introduces more issues than it solves.