@rata
Member

@rata rata commented Jun 20, 2025

(cherry picked from commit 04be81b)
Backport of #4724 to release-1.2 branch. Original description follows.


This PR adds support for applying mount propagation settings (MS_SHARED or MS_UNBINDABLE) to the container root based on the value of config.RootPropagation.
We apply mount propagation after executing pivot_root and rootfsParentMountPrivate.

Fixes #1755

Related:
#1815
youki-dev/youki#3141

Signed-off-by: Yusuke Sakurai <yusuke.sakurai@3-shake.com>
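
One way to check, from inside a container, which propagation type ended up on "/" after a setting such as config.RootPropagation is applied: read the optional fields of the root entry in /proc/self/mountinfo. This is an added example, not code from this PR or from runc; `RootPropagation` is a hypothetical helper and the sample lines are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format (not captured from a real host).
const sampleMountinfo = `530 531 0:21 / /proc rw,nosuid - proc proc rw
531 420 0:55 / / rw,relatime shared:270 - overlay overlay rw,lowerdir=/l
`

// RootPropagation (hypothetical helper) reports the propagation type of "/"
// from the optional fields before the "-" separator; if several entries are
// mounted at "/", the last one listed is used (an assumption of this example).
func RootPropagation(mountinfo string) (string, error) {
	prop, found := "", false
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 10 || f[4] != "/" { // f[4] is the mount point
			continue
		}
		var kinds []string
		for _, field := range f[6:] {
			if field == "-" {
				break
			}
			switch tag, _, _ := strings.Cut(field, ":"); tag {
			case "shared": // member of a peer group (MS_SHARED)
				kinds = append(kinds, "shared")
			case "master": // receives events from a master (MS_SLAVE)
				kinds = append(kinds, "slave")
			case "unbindable": // MS_UNBINDABLE
				kinds = append(kinds, "unbindable")
			}
		}
		if len(kinds) == 0 {
			kinds = []string{"private"} // no propagation tags: MS_PRIVATE
		}
		prop, found = strings.Join(kinds, ","), true
	}
	if !found {
		return "", fmt.Errorf(`no mount entry for "/"`)
	}
	return prop, nil
}

func main() {
	fmt.Println(RootPropagation(sampleMountinfo))
}
```

On a live system, pass the contents of /proc/self/mountinfo read inside the container instead of the constructed sample.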

@rata rata requested review from kolyshkin and lifubang June 20, 2025 14:24
@kolyshkin kolyshkin added this to the 1.2.7 milestone Jun 20, 2025
@kolyshkin kolyshkin added the backport/1.2-pr A backport PR to release-1.2 label Jun 20, 2025
@kolyshkin
Contributor

Hmm, I was not aware we're going to make another 1.2.x release. If we are, though, it's going to be 1.2.7, which already has some stuff merged.

@rata
Member Author

rata commented Jul 2, 2025

@kolyshkin In the release policy we said we will be quite flexible in what classifies for backport to n-1; I'd like to backport when it's simple or makes sense. Also, 1.2 is widely used in Azure; checking quickly, it seems in Google Container-Optimized OS too.

Do you prefer to avoid backports to 1.2 for some reason?

@rata
Member Author

rata commented Jul 14, 2025

@kolyshkin friendly ping?

@kolyshkin kolyshkin force-pushed the rootfs-propagation-12 branch from d8448ab to 8d26e56 Compare July 15, 2025 02:14
@kolyshkin
Contributor

> @kolyshkin In the release policy we said we will be quite flexible in what classifies for backport to n-1; I'd like to backport when it's simple or makes sense. Also, 1.2 is widely used in Azure; checking quickly, it seems in Google Container-Optimized OS too.
>
> Do you prefer to avoid backports to 1.2 for some reason?

Not directly, no. What I prefer (being practical and lazy) is maintaining one less branch (meaning I'd love users to switch to v1.3 sooner). If we backport all fixes to v1.2 there's never an incentive to switch to v1.3. Also, making more 1.2 releases may result in thinking that v1.3 is somehow not quite ready, which is not true to my best knowledge.

Our release policy says (note "latest-1" means v1.2.x now):

> latest-1 will only receive security fixes and significant bug fixes (what bug fixes are "significant" are down to the maintainer's judgement, but maintainers should err on the side of reducing the number of backports at this stage). At this stage, users of latest-1 are encouraged to start planning the migration to the latest release of runc (as well as reporting any issues they may find).

I guess I'm OK with this PR as it is (as this is indeed a significant bug fix), just don't want too many backports in general, for the reasons outlined above.

@kolyshkin
Contributor

Also, we need a backport of #4806 to release-1.2 to fix CI.

Contributor

@kolyshkin kolyshkin left a comment

LGTM (but please don't merge until CI is fixed).

Signed-off-by: Yusuke Sakurai <yusuke.sakurai@3-shake.com>
(cherry picked from commit 04be81b)
@rata rata force-pushed the rootfs-propagation-12 branch from 8d26e56 to 2667d73 Compare July 16, 2025 10:04
@rata rata enabled auto-merge July 16, 2025 10:05
@rata
Member Author

rata commented Jul 16, 2025

@kolyshkin thanks, rebased! Let's see if CI is green now 🤞

@rata rata merged commit e6e6f64 into opencontainers:release-1.2 Jul 16, 2025
35 checks passed
@rata rata deleted the rootfs-propagation-12 branch July 16, 2025 10:27