From 234b9864892d7a3e571a7e9e027efed35be4b7f2 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 2 May 2018 14:48:05 -0400
Subject: [PATCH] Fix handling of /dev/shm mounting inside of containers Add test to make sure /dev/shm is shared between containers in CRI-O
Signed-off-by: Daniel J Walsh
---
server/container_create.go | 5 +++-
server/sandbox_run.go | 14 ++++++++++-
test/shm.bats | 40 ++++++++++++++++++++++++++++++
test/testdata/container_sleep.json | 37 +++++++++++++++++++++++++++
4 files changed, 94 insertions(+), 2 deletions(-)
create mode 100644 test/shm.bats
create mode 100644 test/testdata/container_sleep.json
diff --git a/server/container_create.go b/server/container_create.go
index 781e4abdf7e..46a915ac689 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -1105,10 +1105,13 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 specgen.AddAnnotation(annotations.ImageRef, imageRef)
 specgen.AddAnnotation(annotations.IP, sb.IP())
+ // Remove the default /dev/shm mount to ensure we overwrite it
+ specgen.RemoveMount("/dev/shm")
+
 mnt = rspec.Mount{
 Type: "bind",
 Source: sb.ShmPath(),
- Destination: "/etc/shm",
+ Destination: "/dev/shm",
 Options: []string{"rw", "bind"},
 }
 // bind mount the pod shm
diff --git a/server/sandbox_run.go b/server/sandbox_run.go
index 09a60937c32..94bb653392b 100644
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@@ -292,6 +292,9 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 g.SetProcessSelinuxLabel(processLabel)
 g.SetLinuxMountLabel(mountLabel)
+ // Remove the default /dev/shm mount to ensure we overwrite it
+ g.RemoveMount("/dev/shm")
+
 // create shm mount for the pod containers.
 var shmPath string
 if securityContext.GetNamespaceOptions().GetIpc() == pb.NamespaceMode_NODE {
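Review bot: In server/container_create.go the bind mount that now lands on `/dev/shm` carries only `Options: []string{"rw", "bind"}`, while the lines just above it remove the generator's default `/dev/shm` entry. Any nosuid/nodev/noexec restriction or size limit on the container's shared memory therefore has to come from the mount at `sb.ShmPath()`, which is not visible in this hunk. I would record that dependency in the comment, e.g. `// flags and size of /dev/shm come from the pod shm mounted at sb.ShmPath()`, or list the flags explicitly in `Options` if they are meant to be enforced here. The same applies to the `runtimespec.Mount` added in the second hunk of server/sandbox_run.go. The function body continues outside the hunk.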
@@ -310,6 +313,15 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 }()
 }
+ mnt := runtimespec.Mount{
+ Type: "bind",
+ Source: shmPath,
+ Destination: "/dev/shm",
+ Options: []string{"rw", "bind"},
+ }
+ // bind mount the pod shm
+ g.AddMount(mnt)
+
 err = s.setPodSandboxMountLabel(id, mountLabel)
 if err != nil {
 return nil, err
@@ -506,7 +518,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 if err := label.Relabel(hostnamePath, mountLabel, true); err != nil && err != unix.ENOTSUP {
 return nil, err
 }
- mnt := runtimespec.Mount{
+ mnt = runtimespec.Mount{
 Type: "bind",
 Source: hostnamePath,
 Destination: "/etc/hostname",
diff --git a/test/shm.bats b/test/shm.bats
new file mode 100644
index 00000000000..386afcff7ed
--- /dev/null
+++ b/test/shm.bats
@@ -0,0 +1,40 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+ cleanup_test
+}
+
+@test "ctr check shared /dev/shm" {
+ start_crio
+ run crictl runp "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ pod_id="$output"
+ run crictl create "$pod_id" "$TESTDATA"/container_sleep.json "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ ctr_id="$output"
+ run crictl start "$ctr_id"
+ echo "$output"
+ [ "$status" -eq 0 ]
+ run crictl exec --sync "$ctr_id" "touch /dev/shm/testdata"
+ echo "$output"
+ [ "$status" -eq 0 ]
+
+ run crictl create "$pod_id" "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ ctr_id="$output"
+ run crictl start "$ctr_id"
+ echo "$output"
+ [ "$status" -eq 0 ]
+ run crictl exec --sync "$ctr_id" "ls /dev/shm/testdata"
+ echo "$output"
+ [ "$status" -eq 0 ]
+
+ cleanup_ctrs
+ cleanup_pods
+ stop_crio
+}
diff --git a/test/testdata/container_sleep.json b/test/testdata/container_sleep.json
new file mode 100644
index 00000000000..21bb07faf42
--- /dev/null
+++ b/test/testdata/container_sleep.json
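Review bot: `Source: shmPath` is bind-mounted read-write into the sandbox without any indication of which path it holds; the branch that assigns it begins in the previous hunk (`GetIpc() == pb.NamespaceMode_NODE`) and its body is not visible here. If that branch points shmPath at the host's own shared-memory directory, this mount exposes it read-write inside the sandbox, which deserves a comment at the mount, e.g. `// shmPath is the host path in NamespaceMode_NODE, otherwise the per-pod shm`. Separately, the third hunk turns the later `mnt := runtimespec.Mount{` into `mnt =`, so one variable now serves two unrelated mounts roughly two hundred lines apart; a dedicated name such as `shmMnt` here would leave the hostname mount's declaration untouched.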
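Review bot: The test proves only the positive case: both containers are created in the same `$pod_id`, so nothing checks that `/dev/shm/testdata` stays invisible outside the pod. A further step that starts a container in a second sandbox (it needs its own sandbox config, which is not part of this patch) and expects `run crictl exec --sync "$other_ctr_id" ls /dev/shm/testdata` to end with `[ "$status" -ne 0 ]` would cover the isolation side. Also, `"touch /dev/shm/testdata"` and `"ls /dev/shm/testdata"` are each passed as one quoted argument; unless crictl splits that string itself, the separate-word form `touch /dev/shm/testdata` is the safer way to write it.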
@@ -0,0 +1,37 @@
+{
+ "metadata": {
+ "name": "podsandbox-sleep"
+ },
+ "image": {
+ "image": "quay.io/crio/redis:alpine"
+ },
+ "command": [
+ "/bin/sleep", "6000"
+ ],
+ "args": [
+ "6000"
+ ],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ }
+ ],
+ "annotations": {
+ "pod": "podsandbox"
+ },
+ "readonly_rootfs": false,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ }
+ }
+}
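Review bot: `"args": ["6000"]` repeats the duration already given in `"command": ["/bin/sleep", "6000"]`, so if the runtime appends args to command the container runs `/bin/sleep 6000 6000`. Depending on the image's sleep implementation that is either a longer sleep than intended or a usage error that would make the shm test fail for an unrelated reason. Writing `"args": []` (or dropping the second `"6000"` from `command`) keeps the fixture unambiguous.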