-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove overlayfs volatile option on temp mounts #9555
Remove overlayfs volatile option on temp mounts #9555
Conversation
Hi @KodieGlosserIBM. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
706b948
to
e583e89
Compare
mount/temp.go
Outdated
// option here. | ||
// TODO: Make this logic conditional once the kernel supports reusing | ||
// overlayfs volatile mounts. | ||
for _, m := range mounts { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you please add that reference https://docs.kernel.org/filesystems/overlayfs.html#volatile-mount in that comment and add that test in mount
package? thanks
NOTE: Currently, containerd uses read-only mount to get uid/gid. But containerd still needs to strip out volatile option on temp mounts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fuweid addressed your comments! PTAL
mount/temp.go
Outdated
// The volatile option of overlayfs doesn't allow to mount again using the | ||
// same upper / work dirs. Since it's a temp mount, avoid using that | ||
// option here. | ||
// TODO: Make this logic conditional once the kernel supports reusing | ||
// overlayfs volatile mounts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems that the function doc comment needs to be updated to add the explanation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ktock what do you mean by function doc comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant the comment for the function itself:
Lines 29 to 32 in c950537
// WithTempMount mounts the provided mounts to a temp dir, and pass the temp dir to f. | |
// The mounts are valid during the call to the f. | |
// Finally we will unmount and remove the temp dir regardless of the result of f. | |
func WithTempMount(ctx context.Context, mounts []Mount, f func(root string) error) (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @KodieGlosserIBM Please check out @ktock's comment. The comment should be for WithTempMount. And please squash into one commit. Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done!
5b1962f
to
c950537
Compare
/ok-to-test |
@fuweid @samuelkarp anything still needed to push this one through? Thanks! |
mount/temp.go
Outdated
} | ||
for i, opt := range m.Options { | ||
if opt == "volatile" { | ||
m.Options[i] = "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is changing the input slice, if the "volatile" option is detected, the original slice and options should be copied to avoid the mount call input slice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dmcgowan I am not sure I follow. The original slice are still copied over. My test here should cover that TestRemoveVolatileTempMount
. Maybe I'm missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I should have posted the test update with my comment, sorry. The input slice is never copied.
diff --git a/mount/mount_test.go b/mount/mount_test.go
index 9fc7e0165..078c6c300 100644
--- a/mount/mount_test.go
+++ b/mount/mount_test.go
@@ -205,9 +205,24 @@ func TestRemoveVolatileTempMount(t *testing.T) {
}
for _, tc := range testCases {
+ original := copyMounts(tc.input)
actual := removeVolatileTempMount(tc.input)
if !reflect.DeepEqual(actual, tc.expected) {
t.Fatalf("incorrectly modified mounts: %s.\n\n Expected: %v\n\n, Actual: %v", tc.desc, tc.expected, actual)
}
+ if !reflect.DeepEqual(original, tc.input) {
+ t.Fatalf("modified original mounts: %s.\n\n Expected: %v\n\n, Actual: %v", tc.desc, original, tc.input)
+ }
+ }
+}
+
+func copyMounts(in []Mount) []Mount {
+ out := make([]Mount, len(in))
+ for i := range in {
+ out[i] = in[i]
+ if len(out[i].Options) > 0 {
+ out[i].Options = append([]string{out[i].Options[0]}, out[i].Options[1:]...)
+ }
}
+ return out
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ahh that makes sense! I've adjusted the code to not modify the original slice! Please take another look. And it looks like I need to rebase so I will do that too :)
5567921
to
b325072
Compare
/test pull-containerd-node-e2e |
b325072
to
86ff8da
Compare
e4aead8
to
86ff8da
Compare
86ff8da
to
c0c4b89
Compare
2e9b78f
to
c2d4a77
Compare
core/mount/temp.go
Outdated
if out == nil { | ||
out = copyMounts(mounts) | ||
} | ||
out[i].Options[j] = "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more optimization here, don't have copyMounts copy the Options slice. Just copy the option slice here when removing the element. Its fine to keep the original string slice until it is modified.
out[i].Options = append(out[i].Options[:j], out[i].Options[j+1:]...)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great idea! Made those adjustments. Really appreciate the help you are providing!
c2d4a77
to
ecb4ae1
Compare
core/mount/temp.go
Outdated
out := make([]Mount, len(in)) | ||
for i := range in { | ||
out[i] = in[i] | ||
if len(out[i].Options) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This block is no longer necessary
ecb4ae1
to
5ad5fac
Compare
Signed-off-by: krglosse <krglosse@us.ibm.com> do not alter original slice Signed-off-by: krglosse <krglosse@us.ibm.com> Update core/mount/temp.go makes sense, thank you! Co-authored-by: Derek McGowan <derek@mcg.dev> Signed-off-by: KodieGlosserIBM <39170759+KodieGlosserIBM@users.noreply.github.com> do not copy mount structure unless conditional is met and adding a test case for it Signed-off-by: krglosse <krglosse@us.ibm.com> copy option slice when removing the element instead of giving the element an empty string remove unneeded block Signed-off-by: krglosse <krglosse@us.ibm.com> simplify Signed-off-by: krglosse <krglosse@us.ibm.com>
5ad5fac
to
cfe8321
Compare
Will address #6406. Which will allow us to use volatile w/overlay mounts.