buildkit: Add support for --mount=type=tmpfs

Following PR adds supports for buildkit like `--mount=type=tmpfs` which allows end users to mount a chunk of volatile memory instead of a persistent storage device. Signed-off-by: Aditya Rajan <[email protected]>
containers · Oct 8, 2021 · 0bb755d · 0bb755d
1 parent 211972a
commit 0bb755d
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/run_linux.go b/run_linux.go
@@ -2400,6 +2400,13 @@ func (b *Builder) runSetupRunMounts(mounts []string, secrets map[string]string,
 			}
 			finalMounts = append(finalMounts, *mount)
 			mountTargets = append(mountTargets, mount.Destination)
+		case "tmpfs":
+			mount, err := b.getTmpfsMount(tokens, rootUID, rootGID, processUID, processGID)
+			if err != nil {
+				return nil, nil, err
+			}
+			finalMounts = append(finalMounts, *mount)
+			mountTargets = append(mountTargets, mount.Destination)
 		default:
 			return nil, nil, errors.Errorf("invalid mount type %q", kv[1])
 		}
@@ -2429,6 +2436,20 @@ func (b *Builder) getBindMount(tokens []string, contextDir string, rootUID, root
 	return &volumes[0], nil
 }
 
+func (b *Builder) getTmpfsMount(tokens []string, rootUID, rootGID, processUID, processGID int) (*spec.Mount, error) {
+	var optionMounts []specs.Mount
+	mount, err := parse.GetTmpfsMount(tokens)
+	if err != nil {
+		return nil, err
+	}
+	optionMounts = append(optionMounts, mount)
+	volumes, err := b.runSetupVolumeMounts(b.MountLabel, nil, optionMounts, rootUID, rootGID, processUID, processGID)
+	if err != nil {
+		return nil, err
+	}
+	return &volumes[0], nil
+}
+
 func getSecretMount(tokens []string, secrets map[string]string, mountlabel string, containerWorkingDir string, uidmap []spec.LinuxIDMapping, gidmap []spec.LinuxIDMapping) (*spec.Mount, error) {
 	errInvalidSyntax := errors.New("secret should have syntax id=id[,target=path,required=bool,mode=uint,uid=uint,gid=uint")
 	if len(tokens) == 0 {

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -3550,3 +3550,12 @@ _EOF
   expect_output --substring "world"
   run_buildah rmi -f testbud
 }
+
+@test "bud-with-mount-with-tmpfs-like-buildkit" {
+  skip_if_no_runtime
+  skip_if_in_container
+  # tmpfs mount: target should be available on container without creating any special directory on container
+  run_buildah build -t testbud --signature-policy ${TESTSDIR}/policy.json -f ${TESTSDIR}/bud/buildkit-mount/Dockerfiletmpfs
+  [ "$status" -eq 0 ]
+  run_buildah rmi -f testbud
+}
diff --git a/tests/bud/buildkit-mount/Dockerfiletmpfs b/tests/bud/buildkit-mount/Dockerfiletmpfs
@@ -0,0 +1,4 @@
+FROM alpine
+
+# As a baseline, this should succeed without creating any directory on container
+RUN --mount=type=tmpfs,target=/var/tmpfs-not-empty touch /var/tmpfs-not-empty/hello