cmd/create: Expose the host's entire / in the container at /run/host

Having the entire host file system hierarchy mounted inside a toolbox container gives the containers a more complete environment that's resilient against future changes in the layout of the file system hierarchy and the need for giving access to new paths to support new use-cases. Otherwise, one would have to create a new container to get access to any path that lies outside the /boot, /etc, /run, /tmp, /usr and /var directories. As a nice side-effect, this also simplifies the bind mount handling code. containers#827
debarshiray · Jul 9, 2021 · d03a5fe · d03a5fe
1 parent 94917b7
commit d03a5fe
Showing 1 changed file with 1 addition and 28 deletions.
diff --git a/src/cmd/create.go b/src/cmd/create.go
@@ -265,28 +265,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	logrus.Debugf("%s canonicalized to %s", currentUser.HomeDir, homeDirEvaled)
 	homeDirMountArg := homeDirEvaled + ":" + homeDirEvaled + ":rslave"
 
-	bootMountFlags := "ro"
-	isBootReadWrite, err := isPathReadWrite("/boot")
-	if err != nil {
-		return err
-	}
-	if isBootReadWrite {
-		bootMountFlags = "rw"
-	}
-
-	bootMountArg := "/boot:/run/host/boot:" + bootMountFlags + ",rslave"
-
-	usrMountFlags := "ro"
-	isUsrReadWrite, err := isPathReadWrite("/usr")
-	if err != nil {
-		return err
-	}
-	if isUsrReadWrite {
-		usrMountFlags = "rw"
-	}
-
-	usrMountArg := "/usr:/run/host/usr:" + usrMountFlags + ",rslave"
-
 	var avahiSocketMount []string
 
 	avahiSocket, err := getServiceSocket("Avahi", "avahi-daemon.socket")
@@ -423,16 +401,11 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	createArgs = append(createArgs, []string{
 		"--userns", usernsArg,
 		"--user", "root:root",
-		"--volume", "/etc:/run/host/etc",
+		"--volume", "/:/run/host:rslave",
 		"--volume", "/dev:/dev:rslave",
-		"--volume", "/run:/run/host/run:rslave",
-		"--volume", "/tmp:/run/host/tmp:rslave",
-		"--volume", "/var:/run/host/var:rslave",
-		"--volume", bootMountArg,
 		"--volume", dbusSystemSocketMountArg,
 		"--volume", homeDirMountArg,
 		"--volume", toolboxPathMountArg,
-		"--volume", usrMountArg,
 		"--volume", runtimeDirectoryMountArg,
 	}...)