[lxc-devel] [lxd/master] feature: allow configuration of mount-propagation

igalic on Github lxc-bot at linuxcontainers.org
Mon Apr 23 15:55:17 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 494 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180423/e6cd2ba8/attachment.bin>
-------------- next part --------------
From 4704786f8d3d696ada762daee34bab56cdb495b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Gali=C4=87?= <igor.galic at automatic-server.com>
Date: Mon, 23 Apr 2018 17:52:53 +0200
Subject: [PATCH] feature: allow configuration of mount-propagation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

we add a new option `propagation`, which allows to specify exactly how
bind-mounts will be shared between the host and a container.

Signed-off-by: Igor Galić <igor.galic at automatic-server.com>
---
 doc/containers.md    |  1 +
 lxd/container.go     |  2 ++
 lxd/container_lxc.go | 11 +++++++++--
 lxd/devices.go       | 12 +++++++++++-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/doc/containers.md b/doc/containers.md
index 46d2af9fd..ebb8887c8 100644
--- a/doc/containers.md
+++ b/doc/containers.md
@@ -343,6 +343,7 @@ readonly        | boolean   | false             | no        | Controls whether t
 size            | string    | -                 | no        | Disk size in bytes (supports kB, MB, GB, TB, PB and EB suffixes). This is only supported for the rootfs (/).
 recursive       | boolean   | false             | no        | Whether or not to recursively mount the source path
 pool            | string    | -                 | no        | The storage pool the disk device belongs to. This is only applicable for storage volumes managed by LXD.
+propagation            | string    | -                 | no        | Controls how a bind-mount is shared between the container and the host. (`rshared`, `rslave` or the default `private`)
 
 If multiple disks, backed by the same block device, have I/O limits set,
 the average of the limits will be used.
diff --git a/lxd/container.go b/lxd/container.go
index f5c87f3d3..8c58c5c6e 100644
--- a/lxd/container.go
+++ b/lxd/container.go
@@ -168,6 +168,8 @@ func containerValidDeviceConfigKey(t, k string) bool {
 			return true
 		case "pool":
 			return true
+		case "propagation":
+			return true
 		default:
 			return false
 		}
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 63e137031..0e8cd0167 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1566,6 +1566,8 @@ func (c *containerLXC) initLXC(config bool) error {
 
 			sourceDevPath := filepath.Join(c.DevicesPath(), fmt.Sprintf("disk.%s.%s", strings.Replace(k, "/", "-", -1), strings.Replace(relativeDestPath, "/", "-", -1)))
 
+			propagation := m["propagation"]
+
 			// Various option checks
 			isOptional := shared.IsTrue(m["optional"])
 			isReadOnly := shared.IsTrue(m["readonly"])
@@ -1626,6 +1628,10 @@ func (c *containerLXC) initLXC(config bool) error {
 					rbind = "r"
 				}
 
+				if propagation != ""{
+					options = append(options, propagation)
+				}
+
 				if isFile {
 					options = append(options, "create=file")
 				} else {
@@ -6246,7 +6252,7 @@ func (c *containerLXC) createUnixDevice(prefix string, m types.Device) ([]string
 		}
 		f.Close()
 
-		err = deviceMountDisk(srcPath, devPath, false, false)
+		err = deviceMountDisk(srcPath, devPath, false, false, "")
 		if err != nil {
 			return nil, err
 		}
@@ -7384,6 +7390,7 @@ func (c *containerLXC) createDiskDevice(name string, m types.Device) (string, er
 	devName := fmt.Sprintf("disk.%s.%s", strings.Replace(name, "/", "-", -1), strings.Replace(relativeDestPath, "/", "-", -1))
 	devPath := filepath.Join(c.DevicesPath(), devName)
 	srcPath := shared.HostPath(m["source"])
+	propagation := m["propagation"]
 
 	// Check if read-only
 	isOptional := shared.IsTrue(m["optional"])
@@ -7497,7 +7504,7 @@ func (c *containerLXC) createDiskDevice(name string, m types.Device) (string, er
 	}
 
 	// Mount the fs
-	err := deviceMountDisk(srcPath, devPath, isReadOnly, isRecursive)
+	err := deviceMountDisk(srcPath, devPath, isReadOnly, isRecursive, propagation)
 	if err != nil {
 		return "", err
 	}
diff --git a/lxd/devices.go b/lxd/devices.go
index 8aa057dcc..cffde5369 100644
--- a/lxd/devices.go
+++ b/lxd/devices.go
@@ -964,7 +964,7 @@ func deviceRemoveInterface(nic string) error {
 	return err
 }
 
-func deviceMountDisk(srcPath string, dstPath string, readonly bool, recursive bool) error {
+func deviceMountDisk(srcPath string, dstPath string, readonly bool, recursive bool, propagation string) error {
 	var err error
 
 	// Prepare the mount flags
@@ -982,6 +982,16 @@ func deviceMountDisk(srcPath string, dstPath string, readonly bool, recursive bo
 		}
 	} else {
 		flags |= syscall.MS_BIND
+		switch propagation {
+		case "private":
+			flags |= syscall.MS_PRIVATE
+		case "rshared":
+			flags |= syscall.MS_SHARED
+		case "rslave":
+			flags |= syscall.MS_SLAVE
+		default:
+			flags |= syscall.MS_PRIVATE
+		}
 		if recursive {
 			flags |= syscall.MS_REC
 		}

More information about the lxc-devel mailing list