The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6429

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This PR adds support for passing in a raw mount option string for disk device mounts, e.g.:

lxc config device add first vfat1 disk source=/dev/loop9 path=/mnt/test raw.mount.options=gid=123,uid=456

From 138f0a05c87e1fa85acd3eb3b01af0c79471dd29 Mon Sep 17 00:00:00 2001
From: Lily <l...@wireless-10-147-28-83.public.utexas.edu>
Date: Sat, 9 Nov 2019 15:17:40 -0600
Subject: [PATCH 1/4] api: Add extension for passing in raw mount options

Signed-off-by: Lillian J. Johnson lillianjanjohn...@gmail.com
---
 doc/api-extensions.md | 3 +++
 shared/version/api.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 1ffb73084e..ca09e50e41 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -869,3 +869,6 @@ elevated permissions.
 
 ## compression_squashfs
 Adds support for importing/exporting of images/backups using SquashFS file 
system format.
+
+## container\_raw\_mount
+This adds support for passing in raw mount options for disk devices. 
\ No newline at end of file
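Review bot: the extension is named `container_raw_mount`, the configuration key it introduces is `raw.mount.options`, and the commit subjects call it `raw_mount_options`; one name should be used throughout, and the doc entry should name the key and the device type it applies to, for example `Adds the raw.mount.options key to disk devices for passing raw mount options.` The hunk also drops the file's trailing newline (`\ No newline at end of file`); add it back.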
diff --git a/shared/version/api.go b/shared/version/api.go
index 6498b1d156..f6b0e345a1 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -174,6 +174,7 @@ var APIExtensions = []string{
        "ceph_data_pool_name",
        "container_syscall_intercept_mount",
        "compression_squashfs",
+       "container_raw_mount",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From 37cc012696d7763222f422c619fdc91d7b6fef96 Mon Sep 17 00:00:00 2001
From: Lily <l...@wireless-10-147-28-83.public.utexas.edu>
Date: Sat, 9 Nov 2019 15:20:15 -0600
Subject: [PATCH 2/4] doc/container: added raw_mount_options to disk options

Signed-off-by: Lillian J. Johnson lillianjanjohn...@gmail.com
---
 doc/containers.md | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/doc/containers.md b/doc/containers.md
index 88a095a67e..38543c0c31 100644
--- a/doc/containers.md
+++ b/doc/containers.md
@@ -481,20 +481,21 @@ if the source is a block device, a regular mount.
 
 The following properties exist:
 
-Key             | Type      | Default           | Required  | Description
-:--             | :--       | :--               | :--       | :--
-limits.read     | string    | -                 | no        | I/O limit in 
byte/s (various suffixes supported, see below) or in iops (must be suffixed 
with "iops")
-limits.write    | string    | -                 | no        | I/O limit in 
byte/s (various suffixes supported, see below) or in iops (must be suffixed 
with "iops")
-limits.max      | string    | -                 | no        | Same as 
modifying both limits.read and limits.write
-path            | string    | -                 | yes       | Path inside the 
container where the disk will be mounted
-source          | string    | -                 | yes       | Path on the 
host, either to a file/directory or to a block device
-required        | boolean   | true              | no        | Controls whether 
to fail if the source doesn't exist
-readonly        | boolean   | false             | no        | Controls whether 
to make the mount read-only
-size            | string    | -                 | no        | Disk size in 
bytes (various suffixes supported, see below). This is only supported for the 
rootfs (/).
-recursive       | boolean   | false             | no        | Whether or not 
to recursively mount the source path
-pool            | string    | -                 | no        | The storage pool 
the disk device belongs to. This is only applicable for storage volumes managed 
by LXD.
-propagation     | string    | -                 | no        | Controls how a 
bind-mount is shared between the container and the host. (Can be one of 
`private`, the default, or `shared`, `slave`, `unbindable`,  `rshared`, 
`rslave`, `runbindable`,  `rprivate`. Please see the Linux Kernel [shared 
subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
 documentation for a full explanation)
-shift           | boolean   | false             | no        | Setup a shifting 
overlay to translate the source uid/gid to match the container
+Key              | Type      | Default           | Required  | Description
+:--              | :--       | :--               | :--       | :--
+limits.read      | string    | -                 | no        | I/O limit in 
byte/s (various suffixes supported, see below) or in iops (must be suffixed 
with "iops")
+limits.write     | string    | -                 | no        | I/O limit in 
byte/s (various suffixes supported, see below) or in iops (must be suffixed 
with "iops")
+limits.max       | string    | -                 | no        | Same as 
modifying both limits.read and limits.write
+path             | string    | -                 | yes       | Path inside the 
container where the disk will be mounted
+source           | string    | -                 | yes       | Path on the 
host, either to a file/directory or to a block device
+required         | boolean   | true              | no        | Controls 
whether to fail if the source doesn't exist
+readonly         | boolean   | false             | no        | Controls 
whether to make the mount read-only
+size             | string    | -                 | no        | Disk size in 
bytes (various suffixes supported, see below). This is only supported for the 
rootfs (/).
+recursive        | boolean   | false             | no        | Whether or not 
to recursively mount the source path
+pool             | string    | -                 | no        | The storage 
pool the disk device belongs to. This is only applicable for storage volumes 
managed by LXD.
+propagation      | string    | -                 | no        | Controls how a 
bind-mount is shared between the container and the host. (Can be one of 
`private`, the default, or `shared`, `slave`, `unbindable`,  `rshared`, 
`rslave`, `runbindable`,  `rprivate`. Please see the Linux Kernel [shared 
subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
 documentation for a full explanation)
+shift            | boolean   | false             | no        | Setup a 
shifting overlay to translate the source uid/gid to match the container
+raw.mount.options| string    | -                        | no        | 
Filesystem specific mount options 
 
 If multiple disks, backed by the same block device, have I/O limits set,
 the average of the limits will be used.
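Review bot: the whole table is re-emitted only to widen the Key column by one character, which hides the single added row in the diff; consider keeping the existing widths and accepting a slightly longer key cell. The new row's Default cell is also padded wider than the others (patch 4 corrects this, so the correction belongs in this commit), and the description should say what the string actually is, e.g. `Filesystem specific mount options, passed unchanged to mount(2)`, since that is what the implementation does.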

From ac4c6350a646aa213e1f74bbd8fb3e3ac20b2f89 Mon Sep 17 00:00:00 2001
From: Lily <l...@wireless-10-147-28-83.public.utexas.edu>
Date: Sat, 9 Nov 2019 15:25:33 -0600
Subject: [PATCH 3/4] lxd/device add support for raw_mount_options for disk
 device mounts

Signed-off-by: Lillian J. Johnson lillianjanjohn...@gmail.com
---
 lxd/device/device_utils_disk.go | 8 ++++----
 lxd/device/device_utils_unix.go | 2 +-
 lxd/device/disk.go              | 3 ++-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lxd/device/device_utils_disk.go b/lxd/device/device_utils_disk.go
index 469f32ad54..7d84d3b0cb 100644
--- a/lxd/device/device_utils_disk.go
+++ b/lxd/device/device_utils_disk.go
@@ -48,7 +48,7 @@ func IsBlockdev(path string) bool {
 }
 
 // DiskMount mounts a disk device.
-func DiskMount(srcPath string, dstPath string, readonly bool, recursive bool, 
propagation string) error {
+func DiskMount(srcPath string, dstPath string, readonly bool, recursive bool, 
propagation string, rawMountOptions string) error {
        var err error
 
        // Prepare the mount flags
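Review bot: the `// DiskMount mounts a disk device.` comment should document the new `rawMountOptions` parameter, namely that it is the mount(2) data string handed to the kernel unchanged and may be empty.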
@@ -95,7 +95,7 @@ func DiskMount(srcPath string, dstPath string, readonly bool, 
recursive bool, pr
        }
 
        // Mount the filesystem
-       err = unix.Mount(srcPath, dstPath, fstype, uintptr(flags), "")
+       err = unix.Mount(srcPath, dstPath, fstype, uintptr(flags), 
rawMountOptions)
        if err != nil {
                return fmt.Errorf("Unable to mount %s at %s: %s", srcPath, 
dstPath, err)
        }
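Review bot: with user-supplied options in play, an unsupported or malformed option string makes mount(2) fail with EINVAL, which the error `Unable to mount %s at %s: %s` does not distinguish from any other mount failure; include `rawMountOptions` in the message when it is non-empty so the failing configuration is visible in the device error.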
@@ -103,14 +103,14 @@ func DiskMount(srcPath string, dstPath string, readonly 
bool, recursive bool, pr
        // Remount bind mounts in readonly mode if requested
        if readonly == true && flags&unix.MS_BIND == unix.MS_BIND {
                flags = unix.MS_RDONLY | unix.MS_BIND | unix.MS_REMOUNT
-               err = unix.Mount("", dstPath, fstype, uintptr(flags), "")
+               err = unix.Mount("", dstPath, fstype, uintptr(flags), 
rawMountOptions)
                if err != nil {
                        return fmt.Errorf("Unable to mount %s in readonly mode: 
%s", dstPath, err)
                }
        }
 
        flags = unix.MS_REC | unix.MS_SLAVE
-       err = unix.Mount("", dstPath, "", uintptr(flags), "")
+       err = unix.Mount("", dstPath, "", uintptr(flags), rawMountOptions)
        if err != nil {
                return fmt.Errorf("unable to make mount %s private: %s", 
dstPath, err)
        }
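Review bot: the read-only `MS_RDONLY | MS_BIND | MS_REMOUNT` remount and the `MS_REC | MS_SLAVE` propagation change are bind and propagation-only operations, for which the kernel ignores the data argument, so passing `rawMountOptions` there has no effect and suggests otherwise to a reader. Keep the original `""` in both calls so that the initial mount above is the one place the options are applied.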
diff --git a/lxd/device/device_utils_unix.go b/lxd/device/device_utils_unix.go
index 632cbff564..53cb50bb07 100644
--- a/lxd/device/device_utils_unix.go
+++ b/lxd/device/device_utils_unix.go
@@ -273,7 +273,7 @@ func UnixDeviceCreate(s *state.State, idmapSet 
*idmap.IdmapSet, devicesPath stri
                }
                f.Close()
 
-               err = DiskMount(srcPath, devPath, false, false, "")
+               err = DiskMount(srcPath, devPath, false, false, "", "")
                if err != nil {
                        return nil, err
                }
diff --git a/lxd/device/disk.go b/lxd/device/disk.go
index 954dd56849..d708d00461 100644
--- a/lxd/device/disk.go
+++ b/lxd/device/disk.go
@@ -75,6 +75,7 @@ func (d *disk) validateConfig() error {
                "size":         shared.IsAny,
                "pool":         shared.IsAny,
                "propagation":  validatePropagation,
+               "raw.mount.options": shared.IsAny,
        }
 
        err := d.config.Validate(rules)
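Review bot: `"raw.mount.options": shared.IsAny` performs no validation, so any string in the device config reaches the mount(2) data argument unchanged; at least validate the shape (a comma-separated list of `key` or `key=value` tokens, rejecting empty tokens and control characters) and name the key `raw.*` in the docs as a deliberate passthrough, in line with the other `raw.` keys. The new map entry is also not aligned with the surrounding ones; gofmt will realign the block.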
@@ -606,7 +607,7 @@ func (d *disk) createDevice() (string, error) {
        }
 
        // Mount the fs.
-       err := DiskMount(srcPath, devPath, isReadOnly, isRecursive, 
d.config["propagation"])
+       err := DiskMount(srcPath, devPath, isReadOnly, isRecursive, 
d.config["propagation"], d.config["raw.mount.options"])
        if err != nil {
                return "", err
        }
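Review bot: `d.config["raw.mount.options"]` is passed for every disk device, including directory and file sources that end up as bind mounts, where the kernel ignores the data argument, so a user setting the key on such a device gets no effect and no error. Either reject `raw.mount.options` in `validateConfig` when the source is not a block device, or state in `doc/containers.md` that the key is only honoured for block device sources.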

From 39a409083bc9fdd5fce25114baf60b6bd3c544f0 Mon Sep 17 00:00:00 2001
From: Lily <l...@wireless-10-147-28-83.public.utexas.edu>
Date: Sat, 9 Nov 2019 15:39:45 -0600
Subject: [PATCH 4/4] tests: Add test for raw.mount.options for disk device
 mounts

Signed-off-by: Lillian J. Johnson lillianjanjohn...@gmail.com
---
 doc/containers.md                     |  2 +-
 test/suites/container_devices_disk.sh | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/doc/containers.md b/doc/containers.md
index 38543c0c31..5441367e3b 100644
--- a/doc/containers.md
+++ b/doc/containers.md
@@ -495,7 +495,7 @@ recursive        | boolean   | false             | no       
 | Whether or not to
 pool             | string    | -                 | no        | The storage 
pool the disk device belongs to. This is only applicable for storage volumes 
managed by LXD.
 propagation      | string    | -                 | no        | Controls how a 
bind-mount is shared between the container and the host. (Can be one of 
`private`, the default, or `shared`, `slave`, `unbindable`,  `rshared`, 
`rslave`, `runbindable`,  `rprivate`. Please see the Linux Kernel [shared 
subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
 documentation for a full explanation)
 shift            | boolean   | false             | no        | Setup a 
shifting overlay to translate the source uid/gid to match the container
-raw.mount.options| string    | -                        | no        | 
Filesystem specific mount options 
+raw.mount.options| string    | -                 | no        | Filesystem 
specific mount options 
 
 If multiple disks, backed by the same block device, have I/O limits set,
 the average of the limits will be used.
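Review bot: this hunk only repairs the column padding introduced in patch 2; squash it into that commit rather than carrying a documentation fix in a commit whose subject is `tests:`.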
diff --git a/test/suites/container_devices_disk.sh 
b/test/suites/container_devices_disk.sh
index 91ef518b0f..b79738cfdf 100644
--- a/test/suites/container_devices_disk.sh
+++ b/test/suites/container_devices_disk.sh
@@ -5,6 +5,7 @@ test_container_devices_disk() {
   lxc launch testimage foo
 
   test_container_devices_disk_shift
+  test_container_devices_raw_mount_options
 
   lxc delete -f foo
 }
@@ -59,3 +60,28 @@ test_container_devices_disk_shift() {
   lxc storage volume delete "${POOL}" foo-shift
   lxc stop foo -f
 }
+
+test_container_devices_raw_mount_options() {
+  configure_loop_device loop_file_1 loop_device_1
+  mkfs.vfat "${loop_device_1}"
+
+  lxc launch testimage foo-priv -c security.privileged=true
+
+  lxc config device add foo-priv loop_raw_mount_options disk 
source="${loop_device_1}" path=/mnt
+  [ "$(lxc exec foo -- stat /mnt -c '%u:%g')" = "0:0" ] || false
+  lxc config device remove foo-priv loop_raw_mount_options
+  
+  lxc config device add foo-priv loop_raw_mount_options disk 
source="${loop_device_1}" path=/mnt raw.mount.options=uid=123,gid=456
+  [ "$(lxc exec foo -- stat /mnt -c '%u:%g')" = "123:456" ] || false
+  lxc config device remove foo-priv loop_raw_mount_options
+
+  lxc stop foo-priv -f
+  lxc config device add foo-priv loop_raw_mount_options disk 
source="${loop_device_1}" path=/mnt raw.mount.options=uid=123,gid=456
+  lxc start foo-priv
+
+  [ "$(lxc exec foo -- stat /mnt -c '%u:%g')" = "123:456" ] || false
+  lxc config device remove foo-priv loop_raw_mount_options
+
+  lxc delete -f foo-priv
+  deconfigure_loop_device "${loop_file_1}" "${loop_device_1}"
+}
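Review bot: the device is added to `foo-priv`, but all three checks run `lxc exec foo -- stat /mnt -c '%u:%g'`, so they inspect the wrong container; the `0:0` result comes from foo's ordinary `/mnt` directory whether or not the mount happened, and the `123:456` checks can never pass. Change them to `lxc exec foo-priv -- stat /mnt -c '%u:%g'`. `mkfs.vfat` also needs dosfstools on the test host, so check for it and skip the test when it is absent, and drop the trailing whitespace on the blank line after the first `lxc config device remove`.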
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
