@cyphar cyphar commented Nov 7, 2025

Backport of #4973. (Draft until merged.)


This was always the intended behaviour but commit 72fbb34 ("rootfs:
switch to fd-based handling of mountpoint targets") regressed it when
adding a mechanism to create a file handle to the target if it didn't
already exist (causing the later stat to always succeed).

A lot of people depend on this functionality, so add some tests to make
sure we don't break it in the future.

Fixes #4971
Fixes: 72fbb34 ("rootfs: switch to fd-based handling of mountpoint targets")
Signed-off-by: Aleksa Sarai [email protected]
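
The ordering problem described above, as an added Go example that is not part of the pull request and is not runc code. It assumes the stat result decides whether the target directory's permission bits are passed to the tmpfs mount as a `mode=` option; the function names are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Hypothetical helpers, not runc code. Assumption: the stat result decides
// whether the target's permission bits become the tmpfs "mode=" option.
// Path-based calls are used for brevity.

// modeOptBuggy creates the target first, so the stat below always succeeds
// and a directory created a moment ago is treated as pre-existing.
func modeOptBuggy(target string) (string, error) {
	if err := os.MkdirAll(target, 0o755); err != nil {
		return "", err
	}
	st, err := os.Stat(target)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("mode=%04o", uint32(st.Mode().Perm())), nil
}

// modeOptFixed records whether the target existed before creating it and
// only then inherits its mode; otherwise tmpfs keeps its default mode.
func modeOptFixed(target string) (string, error) {
	st, err := os.Stat(target)
	if err != nil && !os.IsNotExist(err) {
		return "", err
	}
	existed := err == nil
	if err := os.MkdirAll(target, 0o755); err != nil {
		return "", err
	}
	if !existed {
		return "", nil
	}
	return fmt.Sprintf("mode=%04o", uint32(st.Mode().Perm())), nil
}

func main() {
	root, _ := os.MkdirTemp("", "tmpfs-mode-demo") // constructed sample tree
	defer os.RemoveAll(root)
	b, _ := modeOptBuggy(filepath.Join(root, "a"))
	f, _ := modeOptFixed(filepath.Join(root, "b"))
	fmt.Printf("buggy=%q fixed=%q\n", b, f)
}
```
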

@cyphar cyphar added the backport/1.4-pr A backport PR to release-1.4 label Nov 7, 2025
@lifubang lifubang added this to the 1.4.0 milestone Nov 8, 2025
This was always the intended behaviour but commit 72fbb34 ("rootfs:
switch to fd-based handling of mountpoint targets") regressed it when
adding a mechanism to create a file handle to the target if it didn't
already exist (causing the later stat to always succeed).

A lot of people depend on this functionality, so add some tests to make
sure we don't break it in the future.

Fixes: 72fbb34 ("rootfs: switch to fd-based handling of mountpoint targets")
Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit 9a9719e)
Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar cyphar marked this pull request as ready for review November 10, 2025 16:12
@cyphar cyphar mentioned this pull request Nov 10, 2025
13 tasks
@lifubang lifubang merged commit 80cfbe4 into opencontainers:release-1.4 Nov 11, 2025
72 of 74 checks passed
@cyphar cyphar deleted the 1.4-tmpfs-mode branch November 11, 2025 03:50
@lifubang lifubang mentioned this pull request Nov 26, 2025
@cyphar cyphar mentioned this pull request Nov 27, 2025
Xeeynamo added a commit to Xeeynamo/moby that referenced this pull request Dec 1, 2025
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.4
- full diff: opencontainers/[email protected]

This version bump aims to fix a regression in runc v1.3.3, which caused
/dev/shm to have inappropriate permissions exposed to containers:
* opencontainers/runc#4971
* opencontainers/runc#4976
Xeeynamo added a commit to Xeeynamo/moby that referenced this pull request Dec 1, 2025
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.4
- full diff: opencontainers/[email protected]

This version bump aims to fix a regression in runc v1.3.3, which caused
/dev/shm to have inappropriate permissions exposed to containers:
* opencontainers/runc#4971
* opencontainers/runc#4976

Signed-off-by: Luciano Ciccariello <[email protected]>
Xeeynamo added a commit to Xeeynamo/moby that referenced this pull request Dec 1, 2025
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.4.0
- full diff: opencontainers/[email protected]

This version bump aims to fix a regression in runc v1.3.3, which caused
/dev/shm to have inappropriate permissions exposed to containers:
* opencontainers/runc#4971
* opencontainers/runc#4976

Signed-off-by: Luciano Ciccariello <[email protected]>
Xeeynamo added a commit to Xeeynamo/moby that referenced this pull request Dec 2, 2025
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.4.0
- full diff: opencontainers/[email protected]

This version bump aims to fix a regression in runc v1.3.3, which caused
/dev/shm to have inappropriate permissions exposed to containers:
* opencontainers/runc#4971
* opencontainers/runc#4976

Signed-off-by: Luciano Ciccariello <[email protected]>