Changes

2,450 bytes added, 10:07, 25 March 2020
External mounts, external/internal sharing/slavery.
Line 84: Line 84:  
[[Category:HOWTO]]
 
[[Category:HOWTO]]
 
[[Category:External]]
 
[[Category:External]]
 +
 +
=== Sharing for external bindmounts ===
 +
 +
External bindmounts can both have internal/external sharing. Please see the example:
 +
 +
# Preparation
 +
unshare -m --propagation private
 +
mkdir /external_mount_sharing_test
 +
mount -t tmpfs tmpfs /external_mount_sharing_test/
 +
mount --make-private /external_mount_sharing_test/
 +
cd /external_mount_sharing_test
 +
# Source of external mount
 +
mkdir external_mount
 +
mount -t tmpfs tmpfs-external external_mount/
 +
mount --make-shared external_mount/
 +
cat /proc/$$/mountinfo | grep external
 +
# 811 755 0:60 / /external_mount_sharing_test rw,relatime - tmpfs tmpfs rw
 +
# 812 811 0:62 / /external_mount_sharing_test/external_mount rw,relatime shared:290 - tmpfs tmpfs-external rw
 +
 +
# Switch to CT mntns
 +
unshare -m --propagation unchanged sh
 +
mkdir root
 +
mount -t tmpfs tmpfs-root root/
 +
mkdir root/external_sharing root/internal_sharing root/proc
 +
 +
# Create external mount
 +
mount --bind external_mount/ root/external_sharing
 +
mount --bind external_mount/ root/internal_sharing
 +
mount --make-private root/internal_sharing
 +
mount --make-shared root/internal_sharing
 +
 +
# More preparations
 +
mount --bind /proc root/proc
 +
cd root
 +
mkdir bin lib64
 +
SH=$(which sh)
 +
cp $SH bin
 +
cp $(ldd $SH | grep "/lib64" | sed 's/^.*\(\/lib64\S*\)\s.*$/\1/') lib64
 +
CAT=$(which cat)
 +
cp $CAT bin
 +
cp $(ldd $CAT | grep "/lib64" | sed 's/^.*\(\/lib64\S*\)\s.*$/\1/') lib64
 +
PATH=$PATH:/bin
 +
chroot . sh
 +
cat /proc/$$/mountinfo
 +
# 843 841 0:63 / / rw,relatime - tmpfs tmpfs-root rw
 +
# 861 843 0:62 / /external_sharing rw,relatime shared:290 - tmpfs tmpfs-external rw
 +
# 898 843 0:62 / /internal_sharing rw,relatime shared:349 - tmpfs tmpfs-external rw
 +
# 899 843 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
 +
 +
Mounts 812 (on host) and 861 (in container) have the same sharing (shared group) - external sharing and mount 898 has it's own local shared group - internal sharing.
 +
 +
Before [https://github.com/checkpoint-restore/criu/pull/906 #906] we were detecting this external/internal sharing state for auto detected external mounts only, but we need it for manual external mounts too. Moreover this also applies to manual external slave mounts they can be external/internal slaves too.
 +
 +
So we detect that the mount is from external sharing if in mount namespace of CRIU there are mounts of same shared group and also we detect that the mount is from external slavery if there is no master mount for it in CT mount namespaces.
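
Review bot: The session only demonstrates external versus internal sharing, yet the two closing paragraphs also state a rule for external/internal slave mounts that none of the mountinfo output shows. Either add a slave case to the example or say explicitly that it is not shown, so that "there is no master mount for it in CT mount namespaces" can be checked the same way shared:290 and shared:349 are. In the "Create external mount" step, the pair `mount --make-private root/internal_sharing` followed by `mount --make-shared root/internal_sharing` should carry a one-line comment saying that it takes the bind mount out of the source's shared group and puts it in a new one, since that is what yields shared:349 on mount 898. Wording: "it's own" should be "its own", and the final sentence would read better split into one sentence per rule (external sharing, then external slavery).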