fix: Volume mount scanner host fs into scanner container #435
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Containers can only be aware of device mount points which are within their containerized filesystem. This means that if a device is mounted somewhere on the host, and that location on the host is not exposed to the container, the container can not determine if its mount or not. This commit resolves this issue by making the whole host filesystem available for the container to see by mounting it into a sub-directory called `/hostfs` within the containers filesystem. Once the container can see the host filesystem, all volumes which are mounted by the host or by the scanner have a mount point defined in `lsblk`.
ghost
self-requested a review
as a 
ghost
changed the title
ghost
self-assigned this
fishkerez
reviewed
Jun 27, 2023
adamtagscherer
pushed a commit
that referenced
this pull request
Jun 29, 2023
Containers can only be aware of device mount points which are within their containerized filesystem. This means that if a device is mounted somewhere on the host, and that location on the host is not exposed to the container, the container can not determine if its mount or not. This commit resolves this issue by making the whole host filesystem available for the container to see by mounting it into a sub-directory called `/hostfs` within the containers filesystem. Once the container can see the host filesystem, all volumes which are mounted by the host or by the scanner have a mount point defined in `lsblk`.
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Containers can only be aware of device mount points which are within their containerized filesystem. This means that if a device is mounted somewhere on the host, and that location on the host is not exposed to the container, the container can not determine if its mount or not.
This commit resolves this issue by making the whole host filesystem available for the container to see by mounting it into a sub-directory called
/hostfswithin the containers filesystem.Once the container can see the host filesystem, all volumes which are mounted by the host or by the scanner have a mount point defined in
lsblk.Description
Please provide a meaningful description of what this change will do, or is for. Bonus points for including links to
related issues, other PRs, or technical references.
Note that by not including a description, you are asking reviewers to do extra work to understand the context of this
change, which may lead to your PR taking much longer to review, or result in it not being reviewed at all.
Type of Change
[X] Bug Fix
[ ] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)
Checklist