Provide capability of mount propagation between host and container #207

Closed
rhvgoyal opened this issue Aug 17, 2015 · 7 comments

@rhvgoyal
Contributor

Currently container / is marked RPRIVATE. That means once the container starts, any mount on host is not visible in container and vice versa.

People have been looking for capabilities where these restrictions can be relaxed and some kind of mount propagation can take place after container has started. There are two primary use cases.

  • A mount is done on host and that mount becomes visible in container.
  • A container does a mount and that mount becomes visible in host.

Define new rootfsPropagation modes where user can opt in for new propagation mode.

@rhvgoyal
Contributor Author

@mrunalp CC

@rhvgoyal
Contributor Author

@rhatdan CC

@rhvgoyal
Contributor Author

@rootfs CC

@rootfs

rootfs commented Aug 17, 2015

Docker PR can be found at moby/moby#15648

@rhvgoyal
Contributor Author

In container slave mode, one can bind mount a directory from host into container and destination mount in container will become a "slave", if source mount is "shared". Now if anything is mounted on host in source directory, it will become visible in container too.

One can find source mount of a directory using "df " command. And one can find propagation properties of a mount using "findmnt -o TARGET,PROPAGATION " command.

Example:

Say, one wants to mount /root/mnt-source directory inside container at /root/mnt-dest. Do following.

  • Prepare source directory. Make sure source mount of directory is "shared". One can simply convert
    source directory into a mount point and make it shared. That way one does not have to rely on
    existing settings of source mount point of directory.

    $ mkdir /root/mnt-source
    $ mount --bind /root/mnt-source /root/mnt-source
    $ mount --make-shared /root/mnt-source

  • Edit config.json to launch container in "container_slave" mode.

    "linux": {
    ...
    ...
    "rootfsPropagation": "container_slave"
    }

  • Edit config.json to mount /root/mnt-source in container.
    {
    "type": "bind",
    "source": "/root/mnt-source",
    "destination": "/root/mnt-dest",
    "options": "rbind"
    }

$ runc

  • Inside container, run "findmnt -o TARGET,PROPAGATION /root/mnt-dest" and make sure this mount point is in "slave" mode.

    $ findmnt -o TARGET,PROPAGATION /root/mnt-dest

  • Now on host, mount something under /root/mnt-source/

    $ mkdir /root/mnt-source/mnt1
    $ mount --bind /root/mnt-source/mnt1 /root/mnt-source/mnt1

  • Verify this mount becomes visible in container using "findmnt -o TARGET".

@rhvgoyal
Contributor Author

In container_shared mode, one can bind mount a directory from host into container and destination mount in container will become "shared", if source mount is "shared" and it is not source mount of container rootfs. Now if anything is mounted on host in source directory, it will become visible in container too. And if anything is mounted in container under "shared" mount, it will become visible on host.

One can find source mount of a directory using "df " command. And one can find propagation properties of a mount using "findmnt -o TARGET,PROPAGATION " command.

Example:

Say, one wants to mount /root/mnt-source directory inside container at /root/mnt-dest. Do following.

  • Prepare source directory. Make sure source mount of directory is "shared". One can simply convert
    source directory into a mount point and make it shared. That way one does not have to rely on
    existing settings of source mount point of directory.

    $ mkdir /root/mnt-source
    $ mount --bind /root/mnt-source /root/mnt-source
    $ mount --make-shared /root/mnt-source

  • Edit config.json to launch container in "container_shared" mode.

    "linux": {
    ...
    ...
    "rootfsPropagation": "container_shared"
    }

  • Edit config.json to mount /root/mnt-source in container.
    {
    "type": "bind",
    "source": "/root/mnt-source",
    "destination": "/root/mnt-dest",
    "options": "rbind"
    }

$ runc

  • Inside container, run "findmnt -o TARGET,PROPAGATION /root/mnt-dest" and make sure this mount point is in "shared" mode.

    $ findmnt -o TARGET,PROPAGATION /root/mnt-dest

  • Now inside container mount something under /root/mnt-dest/

    $ mkdir /root/mnt-dest/mnt1
    $ mount --bind /root/mnt-dest/mnt1 /root/mnt-dest/mnt1

  • Verify this mount becomes visible on host using "findmnt -o TARGET".
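
The "findmnt -o TARGET,PROPAGATION" checks in the container_slave and container_shared walkthroughs above read the optional fields of /proc/<pid>/mountinfo. The script below is an added example, not part of the original issue or of runc: it classifies each mount from those fields and lists the mounts whose events propagate outward, which are the ones to review when container_shared is enabled. The function names, the sample mountinfo text and the propagation labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example: derive mount propagation from /proc/<pid>/mountinfo text.

# Constructed sample, shaped like mountinfo read inside a container.
SAMPLE_MOUNTINFO='120 95 253:1 /c1/rootfs / rw,relatime master:1 - ext4 /dev/vda1 rw
121 120 0:45 / /proc rw,nosuid - proc proc rw
122 120 253:1 /root/mnt-source /root/mnt-dest rw,relatime shared:42 - ext4 /dev/vda1 rw
123 120 253:1 /srv/data /data rw,relatime shared:7 master:3 - ext4 /dev/vda1 rw
124 120 0:50 / /run rw,nosuid unbindable - tmpfs tmpfs rw'

# mount_propagation MOUNTINFO_TEXT [MOUNT_POINT]
# Prints "<mount point> <propagation>" per mount, or only for MOUNT_POINT.
mount_propagation() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        shared = 0; slave = 0; unbind = 0
        # Field 5 is the mount point. Optional fields start at field 7 and
        # run up to the "-" separator; none at all means a private mount.
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) shared = 1        # member of a peer group
            else if ($i ~ /^master:/) slave = 1    # receives from a master group
            else if ($i == "unbindable") unbind = 1
        }
        if (shared && slave) p = "shared,slave"
        else if (shared)     p = "shared"
        else if (slave)      p = "slave"
        else if (unbind)     p = "unbindable"
        else                 p = "private"
        if (want == "" || $5 == want) print $5, p
    }'
}

# outbound_mounts MOUNTINFO_TEXT
# Lists mount points whose mount events propagate to peers.
outbound_mounts() {
    mount_propagation "$1" | awk '$2 ~ /shared/ { print $1 }'
}

mount_propagation "$SAMPLE_MOUNTINFO"
```

On a live system, pass "$(cat /proc/self/mountinfo)" from inside the container instead of the sample text.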

@crosbymichael
Member

This was merged and is working now
