Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Image Volumes should be bind mounted as private #1735

Merged
merged 1 commit into from Aug 13, 2018
Merged

Conversation

rhatdan
Copy link
Contributor

@rhatdan rhatdan commented Aug 10, 2018

We found an issue with mounting of user images inside of a
Image Volume. The mount point was leaked to the host, since
the default for mountpoint is shared, this can cause container
cleanup to fail. We should default to private.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

- What I did

- How I did it

- How to verify it

- Description for the changelog

We found an issue with mounting of user images inside of a
Image Volume.  The mount point was leaked to the host, since
the default for mountpoint is shared, this can cause container
cleanup to fail.  We should default to private.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 10, 2018
@mrunalp
Copy link
Member

mrunalp commented Aug 10, 2018

We will need this ported to 1.11 and 1.10 as well.

@rhatdan
Copy link
Contributor Author

rhatdan commented Aug 10, 2018

/test all
Will back port once it passes tests.

Copy link
Member

@mrunalp mrunalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mrunalp
Copy link
Member

mrunalp commented Aug 13, 2018

@giuseppe PTAL

@giuseppe
Copy link
Member

LGTM, just a question. Would it be better to make it "slave" so that changes from the host are propagated?

@rhatdan
Copy link
Contributor Author

rhatdan commented Aug 13, 2018

No I think we should leave this private, since we really don't expect anyone to be playing in these directories.

@mrunalp mrunalp merged commit 2a7ac79 into cri-o:master Aug 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants