Merge pull request #4420 from workato:dev-options

PiperOrigin-RevId: 339363816
gVisor bot 2020-10-27 17:22:26 -07:00
commit 013d79d8e4
2 changed files with 21 additions and 20 deletions


@ -105,33 +105,28 @@ func addOverlay(ctx context.Context, conf *config.Config, lower *fs.Inode, name
// mandatory mounts that are required by the OCI specification. // mandatory mounts that are required by the OCI specification.
func compileMounts(spec *specs.Spec) []specs.Mount { func compileMounts(spec *specs.Spec) []specs.Mount {
// Keep track of whether proc and sys were mounted. // Keep track of whether proc and sys were mounted.
var procMounted, sysMounted bool var procMounted, sysMounted, devMounted, devptsMounted bool
var mounts []specs.Mount var mounts []specs.Mount
// Always mount /dev.
mounts = append(mounts, specs.Mount{
Type: devtmpfs.Name,
Destination: "/dev",
})
mounts = append(mounts, specs.Mount{
Type: devpts.Name,
Destination: "/dev/pts",
})
// Mount all submounts from the spec. // Mount all submounts from the spec.
for _, m := range spec.Mounts { for _, m := range spec.Mounts {
if !specutils.IsSupportedDevMount(m) { if !specutils.IsSupportedDevMount(m) {
log.Warningf("ignoring dev mount at %q", m.Destination) log.Warningf("ignoring dev mount at %q", m.Destination)
continue continue
} }
mounts = append(mounts, m)
switch filepath.Clean(m.Destination) { switch filepath.Clean(m.Destination) {
case "/proc": case "/proc":
procMounted = true procMounted = true
case "/sys": case "/sys":
sysMounted = true sysMounted = true
case "/dev":
m.Type = devtmpfs.Name
devMounted = true
case "/dev/pts":
m.Type = devpts.Name
devptsMounted = true
} }
mounts = append(mounts, m)
} }
// Mount proc and sys even if the user did not ask for it, as the spec // Mount proc and sys even if the user did not ask for it, as the spec
@ -149,6 +144,18 @@ func compileMounts(spec *specs.Spec) []specs.Mount {
Destination: "/sys", Destination: "/sys",
}) })
} }
if !devMounted {
mandatoryMounts = append(mandatoryMounts, specs.Mount{
Type: devtmpfs.Name,
Destination: "/dev",
})
}
if !devptsMounted {
mandatoryMounts = append(mandatoryMounts, specs.Mount{
Type: devpts.Name,
Destination: "/dev/pts",
})
}
// The mandatory mounts should be ordered right after the root, in case // The mandatory mounts should be ordered right after the root, in case
// there are submounts of these mandatory mounts already in the spec. // there are submounts of these mandatory mounts already in the spec.
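Review bot: In the `case "/dev":` and `case "/dev/pts":` arms of compileMounts the spec's declared mount type is overwritten without any log line, while the entry's other fields are appended unchanged by `mounts = append(mounts, m)`. A spec that asked for a different filesystem type at /dev would therefore get devtmpfs with nothing in the logs showing that its request was altered, which makes the sandbox's mount behaviour harder to audit. I would log the substitution when the types differ, e.g. `if m.Type != devtmpfs.Name { log.Warningf("overriding mount type %q at %q", m.Type, m.Destination) }`, and likewise for devpts. Repeated spec entries for the same destination are also all appended; whether that is handled later is not visible here, because compileMounts continues outside both hunks.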


@ -344,15 +344,9 @@ func IsSupportedDevMount(m specs.Mount) bool {
var existingDevices = []string{ var existingDevices = []string{
"/dev/fd", "/dev/stdin", "/dev/stdout", "/dev/stderr", "/dev/fd", "/dev/stdin", "/dev/stdout", "/dev/stderr",
"/dev/null", "/dev/zero", "/dev/full", "/dev/random", "/dev/null", "/dev/zero", "/dev/full", "/dev/random",
"/dev/urandom", "/dev/shm", "/dev/pts", "/dev/ptmx", "/dev/urandom", "/dev/shm", "/dev/ptmx",
} }
dst := filepath.Clean(m.Destination) dst := filepath.Clean(m.Destination)
if dst == "/dev" {
// OCI spec uses many different mounts for the things inside of '/dev'. We
// have a single mount at '/dev' that is always mounted, regardless of
// whether it was asked for, as the spec says we SHOULD.
return false
}
for _, dev := range existingDevices { for _, dev := range existingDevices {
if dst == dev || strings.HasPrefix(dst, dev+"/") { if dst == dev || strings.HasPrefix(dst, dev+"/") {
return false return false
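Review bot: Dropping "/dev/pts" from `existingDevices` also drops the `strings.HasPrefix(dst, dev+"/")` match for it, so destinations below /dev/pts are no longer rejected by this loop. If only the exact /dev and /dev/pts mounts are meant to become supported, keep refusing the sub-paths with `if strings.HasPrefix(dst, "/dev/pts/") { return false }` before the loop. The deleted comment was the only explanation of how /dev is treated; a short replacement such as `// /dev and /dev/pts are accepted; compileMounts forces their type.` would keep the contract readable. The function body ends outside this hunk.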