External bind mounts

2,450 bytes added, 10:07, 25 March 2020
External mounts, external/internal sharing/slavery.
=== Sharing for external bindmounts ===
External bind mounts can have either external or internal sharing. See the example:
 # Preparation
 unshare -m --propagation private
 mkdir /external_mount_sharing_test
 mount -t tmpfs tmpfs /external_mount_sharing_test/
 mount --make-private /external_mount_sharing_test/
 cd /external_mount_sharing_test
 # Source of external mount
 mkdir external_mount
 mount -t tmpfs tmpfs-external external_mount/
 mount --make-shared external_mount/
 cat /proc/$$/mountinfo | grep external
 # 811 755 0:60 / /external_mount_sharing_test rw,relatime - tmpfs tmpfs rw
 # 812 811 0:62 / /external_mount_sharing_test/external_mount rw,relatime shared:290 - tmpfs tmpfs-external rw
 # Switch to CT mntns
 unshare -m --propagation unchanged sh
 mkdir root
 mount -t tmpfs tmpfs-root root/
 mkdir root/external_sharing root/internal_sharing root/proc
 # Create external mount
 mount --bind external_mount/ root/external_sharing
 mount --bind external_mount/ root/internal_sharing
 mount --make-private root/internal_sharing
 mount --make-shared root/internal_sharing
 # More preparations
 mount --bind /proc root/proc
 cd root
 mkdir bin lib64
 SH=$(which sh)
 cp $SH bin
 cp $(ldd $SH | grep "/lib64" | sed 's/^.*\(\/lib64\S*\)\s.*$/\1/') lib64
 CAT=$(which cat)
 cp $CAT bin
 cp $(ldd $CAT | grep "/lib64" | sed 's/^.*\(\/lib64\S*\)\s.*$/\1/') lib64
 chroot . sh
 cat /proc/$$/mountinfo
 # 843 841 0:63 / / rw,relatime - tmpfs tmpfs-root rw
 # 861 843 0:62 / /external_sharing rw,relatime shared:290 - tmpfs tmpfs-external rw
 # 898 843 0:62 / /internal_sharing rw,relatime shared:349 - tmpfs tmpfs-external rw
 # 899 843 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
Mounts 812 (on the host) and 861 (in the container) are in the same shared group: this is external sharing. Mount 898 has its own local shared group: this is internal sharing.

Before #906 we were detecting this external/internal sharing state only for auto-detected external mounts, but we need it for manual external mounts too. Moreover, this also applies to manual external slave mounts: they can be external or internal slaves too.

So we detect that a mount has external sharing if the mount namespace of CRIU contains mounts of the same shared group, and we detect that a mount has external slavery if there is no master mount for it in the CT mount namespaces.
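The detection rule above can be checked against the mountinfo output from the example. The following is an added illustration, not CRIU's own code; the function names are hypothetical, and it assumes the host mount namespace from the example stands in for the mount namespace of CRIU.

```python
# Added example, not CRIU code. Sample text is the mountinfo output shown above;
# HOST_NS is assumed to play the role of CRIU's mount namespace.
HOST_NS = """\
811 755 0:60 / /external_mount_sharing_test rw,relatime - tmpfs tmpfs rw
812 811 0:62 / /external_mount_sharing_test/external_mount rw,relatime shared:290 - tmpfs tmpfs-external rw
"""
CT_NS = """\
843 841 0:63 / / rw,relatime - tmpfs tmpfs-root rw
861 843 0:62 / /external_sharing rw,relatime shared:290 - tmpfs tmpfs-external rw
898 843 0:62 / /internal_sharing rw,relatime shared:349 - tmpfs tmpfs-external rw
899 843 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

def parse_mountinfo(text):
    """Return {mount_id: {'mountpoint', 'shared', 'master'}} from mountinfo text."""
    mounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Fields before the lone "-" separator:
        # id parent major:minor root mountpoint options [optional fields...]
        fields = line.partition(" - ")[0].split()
        # Optional fields look like shared:N, master:N, propagate_from:N, unbindable
        tags = dict(f.split(":", 1) for f in fields[6:] if ":" in f)
        mounts[int(fields[0])] = {
            "mountpoint": fields[4],
            "shared": int(tags["shared"]) if "shared" in tags else None,
            "master": int(tags["master"]) if "master" in tags else None,
        }
    return mounts

def classify(ct_text, criu_text):
    """Map each CT mountpoint to (sharing, slavery): 'external', 'internal' or None."""
    ct, criu = parse_mountinfo(ct_text), parse_mountinfo(criu_text)
    criu_groups = {m["shared"] for m in criu.values()} - {None}
    ct_groups = {m["shared"] for m in ct.values()} - {None}
    result = {}
    for m in ct.values():
        sharing = slavery = None
        if m["shared"] is not None:
            # External sharing: CRIU's mntns has a mount in the same shared group.
            sharing = "external" if m["shared"] in criu_groups else "internal"
        if m["master"] is not None:
            # External slavery: no mount in the CT mntns is in the master group.
            slavery = "internal" if m["master"] in ct_groups else "external"
        result[m["mountpoint"]] = (sharing, slavery)
    return result

if __name__ == "__main__":
    for path, state in classify(CT_NS, HOST_NS).items():
        print(path, state)
```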