[CRIU] Sync TODO-s for mount.c work

Thu Apr 23 07:24:15 PDT 2015

On Thu, Apr 23, 2015 at 01:17:32PM +0200, Oleg Nesterov wrote:
> On 04/22, Tycho Andersen wrote:
> >
> > On Wed, Apr 22, 2015 at 07:48:25PM +0200, Oleg Nesterov wrote:
> > >
> > > To me, "remove this restriction" makes much more sense. In fact, this
> > > restriction looks like a bug to me.
> > >
> > > Once again, in this particular case "auto" will wrongly treat all
> > > mounts (except /) as a bind mount. This just means that you can never
> > > use this option if the process inherits some mntpoint from parent ns.
> >
> > Right. Does the requiring pivot_root patch mask this for now?
> 
> Ah, so I misunderstood the intent. If you suggest this change as a
> temporary hack which just "documents" the problem we need to solve
> eventually, then I agree.

Yes, sorry. Just a temporary hack until we figure out how to solve
this for real (since I think an ultimate solution might require help
from the kernel, this might be a while :).

> > And a second question, any ideas on how to fix this? :)
> 
> You are trolling me ;)

:D

> Not really. But can't we split the problem(s) to simplify the discussion?
> 
> 
> I mean, unless I am totally confused, whatever we do we need to change
> resolve_external_mounts() to _not_ create ->external for the mnts which
> are not actually external.
> 
> So we need, say, is_not_external_mount(m). Lets pretend it is just
> 
> 	bool is_not_external_mount(m)
> 	{
> 		return fsroot_mounted(m);
> 	}
> 
> yes, yes, this is wrong. But. It can work just fine in this particular
> case:
> 
> 	# unshare -m
> 
> 	# mount --make-slave /
> 	# mount --make-shared /
> 
> 	# mkdir /tmp/A /tmp/B
> 	# mount --bind /tmp/A /tmp/B
> 
> 	# cat /proc/self/mountinfo
> 	26 20 253:1 / / rw,relatime shared:7 master:1 - xfs /dev/mapper/rhel_ibm--x3650m4--02--vm--02-root rw,seclabel,attr2,inode64,noquota
> 	27 26 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=16374292k,nr_inodes=4093573,mode=755
> 	28 27 0:17 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
> 	29 27 0:11 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
> 	30 26 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
> 	31 26 0:16 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
> 	32 31 0:19 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:8 - tmpfs tmpfs rw,seclabel,mode=755
> 	33 32 0:20 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
> 	34 26 0:18 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
> 	35 26 253:1 /tmp/A /tmp/B rw,relatime shared:7 master:1 - xfs /dev/mapper/rhel_ibm--x3650m4--02--vm--02-root rw,seclabel,attr2,inode64,noquota
> 	
> only "/tmp/B" needs the AUTODETECTED_MOUNT logic in this case we can
> rely on fsroot_mounted(). Once again, in this particular case.
> 
> Now what? Obviously we can't just add
> 
> 	if (is_not_external_mount(m))
> 		continue;
> 
> into resolve_external_mounts(), this is not enough. What else should
> we do?

The only thing I can think of is that we expose a globally unique
identifier for each mount across namespaces. We can't do
fsroot_mounted() because you can have fsroot_mounted() external bind
mounts, so it only happens to fix the problem in the above case, but
breaks others where --ext-mount-map auto currently works correctly.

Tycho