container, hooks: Proposal and support for running createContainer hooks before setting up mounts
#827
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…oks before setting up mounts There are use cases of `createContainer` hooks which can perform operation on mounts before `libcrun_set_mounts` for a container Example creating a `nfs mount` or a fresh source for `bind` mount which was supplied to container. Typical use-case example from `runtime-spec` gives example of running `mount` fix-ups as `hook` when we do `createContainer` Ref: https://github.com/opencontainers/runtime-spec/blob/main/config.md#example-2 However it will not be possible if we do `libcrun_set_mounts` before running `createContainer` hooks following PR proposes and fixes that. Signed-off-by: Aditya Rajan <[email protected]>
|
@giuseppe PTAL. |
|
Marking this PR as draft till I can confirm when does |
giuseppe
reviewed
Dec 23, 2021
Comment on lines
+1057
to
+1065
| if (def->hooks && def->hooks->create_container_len) | ||
| { | ||
| ret = do_hooks (def, 0, container->context->id, false, NULL, "created", (hook **) def->hooks->create_container, | ||
| def->hooks->create_container_len, entrypoint_args->hooks_out_fd, entrypoint_args->hooks_err_fd, | ||
| err); | ||
| if (UNLIKELY (ret != 0)) | ||
| return ret; | ||
| } | ||
|
|
There was a problem hiding this comment.
I think this should happen after the mounts are configured but before doing the pivot_root
There was a problem hiding this comment.
I agree we cannot do createContainer hooks before setMounts as its a behavior change.
Runc behaves exactly as crun is behaving now. We cannot do behavior changes hence closing this PR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are use cases of
createContainerhooks which can performoperation on mounts before
libcrun_set_mountsfor a containerExample creating a
nfs mountor a fresh source forbindmount whichwas supplied to container.
Also typical use-case from
runtime-specgives example of runningmountfix-ups ashookwhen we docreateContainerRef: https://github.com/opencontainers/runtime-spec/blob/main/config.md#example-2
However it will not be possible if we do
libcrun_set_mountsbeforerunning
createContainerhooks following PR proposes and fixes that.A use-case is being discussed here: containers/podman#12650