Support sysfs mounts from workspaces #4897
Went through this in a call with the author and it looks mostly fine to me.
There's only one thing (at the moment) I'd suggest to think a bit more about: the concept of "tagged" directories in sysfs.
In fact, any sysfs directory can have a (1) "tag" that identifies which type of namespace controls how that directory is viewed.
Meaning that while /sys/class/net has a tag identifying the net namespace subsystem, the /sys/kernel/uids directory (for example) wants to be managed by the user namespace subsystem if I don't remember it wrong.
Basically, it's a Kernel mechanism to enable sysfs to present different views of various parts depending on the namespace tag.
But we should check the existence of this mechanism against specific Kernel versions (the ones Gitpod is intended to run on).
Also, we should verify whether we need and have things like /sys/kernel.
Edit
I was remembering correctly about /sys/kernel/uids tag, but it has been removed long ago.
Regarding the namespace tags I'm referring to kobject->sd (which is a kernfs_node that contains the namespace tag ns).
/werft run 👍 started the job as gitpod-build-cw-mount-sysfs.5
/werft run 👍 started the job as gitpod-build-cw-mount-sysfs.6
now that we support proper sysfs mounts
a42686c to d2e1aec
Codecov Report
@@ Coverage Diff @@
## main #4897 +/- ##
==========================================
+ Coverage 6.53% 32.32% +25.78%
==========================================
Files 3 42 +39
Lines 979 10102 +9123
==========================================
+ Hits 64 3265 +3201
- Misses 911 6540 +5629
- Partials 4 297 +293
LGTM label has been added. Git tree hash: 318a4edf13e2f31f6f35dd8d3cc672b3b3f30591
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: csweichel, leodido
Associated issue: #4889
This PR enables mounting sysfs from within a workspace, much the same way we mount proc. We use seccomp-notify to intercept the mount call and delegate the mount to ws-daemon's in-workspace-service (IWS).
How to test
also Docker containers now use a "proper" sysfs mount
I hope this will help with #4889 where k3s attempts to mount sysfs.
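An added example, not part of this PR or of Gitpod's code, for the namespace-tag point raised in the review: it checks that a sysfs mount exposes under class/net only the interfaces the current network namespace reports in /proc/net/dev. The function names are hypothetical, and the check assumes it runs inside the workspace's network namespace.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// procNetDevIfaces parses a /proc/net/dev style file (two header lines, then
// "name: counters...") and returns the interface names it lists.
func procNetDevIfaces(path string) (map[string]bool, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	names := map[string]bool{}
	for i, line := range strings.Split(string(data), "\n") {
		if name, _, ok := strings.Cut(line, ":"); ok && i >= 2 {
			names[strings.TrimSpace(name)] = true
		}
	}
	return names, nil
}

// foreignSysfsNetDevs returns the entries under <sysRoot>/class/net that the
// network namespace (as seen through procNetDev) does not know about.
func foreignSysfsNetDevs(sysRoot, procNetDev string) ([]string, error) {
	known, err := procNetDevIfaces(procNetDev)
	if err != nil {
		return nil, err
	}
	entries, err := os.ReadDir(filepath.Join(sysRoot, "class", "net"))
	if err != nil {
		return nil, err
	}
	var foreign []string
	for _, e := range entries {
		// Devices are symlinks or directories; regular files such as bonding_masters are skipped.
		if !e.Type().IsRegular() && !known[e.Name()] {
			foreign = append(foreign, e.Name())
		}
	}
	return foreign, nil
}

func main() {
	fmt.Println(foreignSysfsNetDevs("/sys", "/proc/net/dev"))
}
```

A non-empty result means the sysfs mount shows network devices from a namespace other than the one the process is in.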