stage1: prepare-app: don't mount /sys if path already used #2888
@@ -65,7 +65,7 @@ func ServiceWantPath(root string, appName types.ACName) string { | |||
func InstantiatedPrepareAppUnitName(appName types.ACName) string { | |||
// Naming respecting escaping rules, see systemd.unit(5) and systemd-escape(1) | |||
escapedRoot := unit.UnitNamePathEscape(common.RelAppRootfsPath(appName)) | |||
return "prepare-app@" + escapedRoot + ".service" | |||
return "prepare-app@-" + escapedRoot + ".service" |
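Review bot: the literal "-" now prepended in the return value of InstantiatedPrepareAppUnitName ("prepare-app@-" + escapedRoot) is not explained in the code; the comment above it only points at systemd.unit(5) and systemd-escape(1). Extend that comment to say that the "-" is the escaped leading "/" and that the instance parameter must now be an absolute path, and check that any other code that builds or matches a prepare-app@ unit name uses the same form.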
Any reason for this except being more readable?
Yes: the string after the @ is not part of the filename written on disk but the parameter to the parametrized systemd unit. In this case, it is a directory, for example /opt/stage2/busybox/rootfs. But the string is escaped: / are converted to -, following systemd escaping rules. And the variable escapedRoot is not an absolute path: it does not have the leading /. It was not a problem before because prepare-app was accepting a relative path as parameter. But I made changes below that require an absolute path. Hence this fix.
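The escaping behaviour described in the reply above, as an added example that is not code from this pull request or from rkt. `escapePath`, `unescape` and `instanceParam` are hypothetical helpers that implement a simplified form of the rules in systemd.unit(5), and the plain reverse mapping is assumed to be how the template parameter is expanded.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const safe = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:_."

// escapePath is a simplified systemd path escape: leading and trailing "/"
// are dropped, "/" becomes "-", and every other unsafe byte becomes \xNN.
func escapePath(p string) string {
	var b strings.Builder
	for i, c := range []byte(strings.Trim(p, "/")) {
		switch {
		case c == '/':
			b.WriteByte('-')
		case strings.IndexByte(safe, c) >= 0 && !(c == '.' && i == 0):
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, `\x%02x`, c) // a literal "-" ends up as \x2d
		}
	}
	return b.String()
}

// unescape is the plain reverse mapping: "-" becomes "/", \xNN becomes a byte.
func unescape(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == '\\' && i+3 < len(s) && s[i+1] == 'x' {
			if v, err := strconv.ParseUint(s[i+2:i+4], 16, 8); err == nil {
				c, i = byte(v), i+3
			}
		} else if c == '-' {
			c = '/'
		}
		b.WriteByte(c)
	}
	return b.String()
}

// instanceParam returns the parameter a template unit gets from its name.
func instanceParam(unit string) string {
	return unescape(unit[strings.Index(unit, "@")+1 : strings.LastIndex(unit, ".")])
}

func main() {
	esc := escapePath("/opt/stage2/busybox/rootfs") // leading "/" is lost here
	fmt.Println(instanceParam("prepare-app@"+esc+".service"), instanceParam("prepare-app@-"+esc+".service"))
}
```

The first value printed is the relative path the old unit name produced, the second is the absolute path obtained once the "-" is prepended.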
LGTM modulo tests
When users mount /sys or a sub-directory of /sys as a volume, prepare-app should not mount /sys: that would mask the volume provided by users. This patch detects if there is a volume mounted in /sys or a subdirectory and skips the mount. Fixes rkt#2874
@iaguis Updated.
@@ -288,3 +288,60 @@ func TestDockerVolumeSemanticsPodManifest(t *testing.T) { | |||
runRktAndCheckOutput(t, cmd, expected, false) | |||
} | |||
} | |||
|
|||
var volSysfsTests = []struct { | |||
name string |
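Review bot: volSysfsTests is declared without a comment and its first visible field is a bare name, so the scenario each case exercises is not stated. Add a doc comment on the table (or a description field per case) naming what is covered: a volume at /sys, a volume at a subdirectory of /sys, and no volume under /sys so that the default mount still happens. Only the start of the table is visible here, so also confirm it has a case for a path that merely shares the prefix, for example /sysfoo (a constructed path), which should not suppress the mount.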
Nit: description?
LGTM. Semaphore failure seems to be unrelated, the test works on my machine but we're getting failures in Semaphore pretty regularly, we should investigate it a bit more.
When users mount /sys or a sub-directory of /sys as a volume,
prepare-app should not mount /sys: that would mask the volume provided
by users. This patch detects if there is a volume mounted in /sys or a
subdirectory and skips the mount.
Fixes #2874
/cc @tjdett
TODO: