
fix --init with /dev bind mount #14281

Merged
merged 1 commit into from
May 23, 2022

Conversation

vrothberg
Member

@vrothberg vrothberg commented May 18, 2022

The init binary until now has been bind-mounted to /dev/init which
breaks when bind-mounting to /dev. Instead mount the init to
/run/podman-init. The reasoning for using /run is that it is already
used for other runtime data such as secrets.

Fixes: #14251
Signed-off-by: Valentin Rothberg [email protected]

Does this PR introduce a user-facing change?

Fix a bug where bind-mounting /dev in conjunction with using --init failed to start the container.

@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 18, 2022
Collaborator

@flouthoc flouthoc left a comment


LGTM just one non-blocking nit above.

@Luap99
Member

Luap99 commented May 18, 2022

Not sure why /sbin is any better other than this should be used less often as bind mount?
I think using /run might be better since this is already broken apparently (I will file a separate bug):

$ bin/podman run --init -v /run:/run alpine:latest ls /run
Error: crun: open `/home/pholzing/.local/share/containers/storage/overlay/db6f9c100a5e9598d271afaff4f83ca5658d1637c452a4f9e33edc9b931f24b8/merged/.containerenv`: No such file or directory: OCI runtime attempted to invoke a command that was not found

Either way I think you have to add this to the podman diff exclude list:

$ bin/podman diff lucid_elgamal
C /etc
C /sbin
A /sbin/podman-init

var initInodes = map[string]bool{

Also make sure to document this known limitation in the man page.
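The two problems raised in this thread, a user mount shadowing the path where the init binary is bind-mounted and the init showing up in `podman diff`, can both be modelled in a few lines. The following Go program is an added illustration written for this page, not podman's own code: `Shadows`, `ShadowingMounts`, `DiffEntry` and `FilterInitFromDiff` are hypothetical names, the diff filter matches by path rather than by inode (podman's `initInodes` map, which the review references, is keyed differently), and all inputs are constructed to resemble the cases quoted above.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// Constructed illustration of the mount-shadowing problem this PR fixes;
// not podman's own code. The PR bind-mounts the init binary into the
// container at this destination.
const containerInitPath = "/run/podman-init"

// Shadows reports whether a mount at mountDest hides initPath inside the
// container: it does when mountDest equals initPath or is one of its parent
// directories (-v /dev hides /dev/init, -v /run hides /run/podman-init, and a
// mount over / hides everything).
func Shadows(mountDest, initPath string) bool {
	mountDest = path.Clean(mountDest)
	initPath = path.Clean(initPath)
	if mountDest == initPath || mountDest == "/" {
		return true
	}
	return strings.HasPrefix(initPath, mountDest+"/")
}

// ShadowingMounts returns, sorted, the user-supplied destinations that would
// hide the init binary; an empty result means --init is safe with them.
func ShadowingMounts(initPath string, userDests []string) []string {
	var out []string
	for _, d := range userDests {
		if Shadows(d, initPath) {
			out = append(out, path.Clean(d))
		}
	}
	sort.Strings(out)
	return out
}

// DiffEntry models one line of `podman diff` output: a change type
// (A added, C changed, D deleted) and the container path it applies to.
type DiffEntry struct {
	Change string
	Path   string
}

// FilterInitFromDiff drops the init mount from a diff listing, plus the "C"
// entry for its parent directory when that directory changed only because
// the init was placed in it. Hypothetical exclude-list logic, by path.
func FilterInitFromDiff(entries []DiffEntry, initPath string) []DiffEntry {
	initPath = path.Clean(initPath)
	parent := path.Dir(initPath)
	prefix := parent + "/"
	if parent == "/" {
		prefix = "/"
	}

	// Does anything other than the init itself live under the parent?
	otherUnderParent := false
	for _, e := range entries {
		p := path.Clean(e.Path)
		if p != initPath && p != parent && strings.HasPrefix(p, prefix) {
			otherUnderParent = true
			break
		}
	}

	var out []DiffEntry
	for _, e := range entries {
		p := path.Clean(e.Path)
		if p == initPath {
			continue
		}
		if p == parent && e.Change == "C" && !otherUnderParent {
			continue
		}
		out = append(out, e)
	}
	return out
}

func main() {
	// Constructed inputs: the old /dev/init location versus the PR's /run
	// location, each against user mounts like those quoted in this thread.
	for _, initPath := range []string{"/dev/init", containerInitPath} {
		for _, mounts := range [][]string{{"/dev"}, {"/run"}, {"/data", "/etc/app"}} {
			fmt.Printf("init=%s mounts=%v shadowed by %v\n",
				initPath, mounts, ShadowingMounts(initPath, mounts))
		}
	}

	// Constructed diff resembling the one quoted in review, after the move to /run.
	diff := []DiffEntry{{"C", "/etc"}, {"C", "/run"}, {"A", "/run/podman-init"}}
	fmt.Println(FilterInitFromDiff(diff, containerInitPath))
}
```

Running it shows why the move only relocates the problem rather than removing it: `/dev` no longer shadows the init, but `-v /run:/run` does, which is why the thread asks for the limitation to be documented for `--volume`/`--mount`. The diff filter keeps `C /run` whenever something other than the init (secrets, `.containerenv`) also changed under that directory.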

@edsantiago edsantiago added the kind/bug Categorizes issue or PR as related to a bug. label May 18, 2022
@rhatdan
Member

rhatdan commented May 18, 2022

I agree lets move it to /run/

@vrothberg
Member Author

I think using /run might be better since this is already broken apparently (I will file a separate bug):

Good idea. This should be documented for --volume/--mount etc.

@vrothberg
Member Author

@kolyshkin FYI

@vrothberg vrothberg force-pushed the fix-14251 branch 2 times, most recently from f67ea12 to 02c8b28 Compare May 19, 2022 08:19
@vrothberg
Member Author

@Luap99 @rhatdan PTanotherL

var errDuplicateDest = errors.Errorf("duplicate mount destination")

// The default path of the mounted container init.
const containerInitPath = "/run/podman-init"
Member

Can we move this into libpod/define and use it in libpod/diff.go as well.

Member Author

Done ✔️

@TomSweeneyRedHat
Member

LGTM
once @Luap99 comment is settled.

@fruch fruch left a comment

LGTM

@openshift-ci
Contributor

openshift-ci bot commented May 22, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: flouthoc, fruch, vrothberg


@Luap99
Member

Luap99 commented May 23, 2022

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 23, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 23, 2022
@vrothberg
Member Author

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 23, 2022
@openshift-merge-robot openshift-merge-robot merged commit 7d00b0e into containers:main May 23, 2022
@vrothberg vrothberg deleted the fix-14251 branch May 23, 2022 14:18
@kolyshkin
Contributor

In moby/moby#37665 I put it to /sbin as chances are very low that someone would want container's /sbin as a destination for a bind mount (or any other mount). Not quite sure about /run -- maybe some people have an explicit tmpfs mount over it. Hope they don't.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Successfully merging this pull request may close these issues.

--init fail to work when mounting /dev