[CRIU] mount: question about making external mounts private

Tycho Andersen tycho.andersen at canonical.com
Tue Jan 19 06:43:02 PST 2016


Hi Pavel,

On Tue, Jan 19, 2016 at 02:16:10PM +0300, Pavel Tikhomirov wrote:
> Hi, all
> 
> Andrey, Tycho, please help with my question: In resolve_external_mounts we
> search for external matches for mounts. For a shared mount, if shared_id is
> different for the mount and for the match, we mark this mount
> "internal_sharing = true" to later remount it as a private mount. So why in
> such a case do we make the mount private even if it was not private before
> (was shared), and what does internal_sharing mean?

The "internal" vs. "external" distinction refers to whether the peer
is inside or outside the mount namespace of the container. e.g. if I
do:

mount -t tmpfs -o size=200m tmpfs /tmp/ram
mount --make-shared /tmp/ram
unshare -m

/tmp/ram is an external mount, since there is a peer outside the
namespace. By contrast:

unshare -m
mount -t tmpfs -o size=200m tmpfs /tmp/ram
mount --make-shared /tmp/ram
mount --bind /tmp/ram /tmp/ram2

means that /tmp/ram2's sharing is internal.

We make the mount private if it has only internal sharing in case some
container did something like:

mount -t tmpfs -o size=200m tmpfs /tmp/ram
mount --make-shared /tmp/ram
unshare -m
mount --make-private /tmp/ram
mount --make-shared /tmp/ram
# subsequent mounts under /tmp/ram

So that it is not still shared with the parent and the subsequent
mounts show up only in the container and not in the host mount ns.

Does that answer your question?

Tycho
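
Added example (not part of the original message and not CRIU's code): a Python sketch of the internal/external distinction described above, comparing the shared:N peer-group IDs in the mountinfo of the host and of a container. The function names and all mountinfo lines are constructed for illustration; it assumes peer-group IDs are comparable across the two mount namespaces.

```python
# Constructed sample data: mountinfo of the host and of two containers.
HOST = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
60 22 0:45 / /tmp/ram rw,relatime shared:120 - tmpfs tmpfs rw,size=204800k
"""
# Container that inherited the host's shared /tmp/ram (peer outside the ns).
CT_INHERITED = """\
80 79 8:1 / / rw,relatime - ext4 /dev/sda1 rw
81 80 0:45 / /tmp/ram rw,relatime shared:120 - tmpfs tmpfs rw,size=204800k
"""
# Container that ran --make-private then --make-shared, then mounted below it.
CT_RESHARED = """\
80 79 8:1 / / rw,relatime - ext4 /dev/sda1 rw
81 80 0:45 / /tmp/ram rw,relatime shared:250 - tmpfs tmpfs rw,size=204800k
82 81 0:46 / /tmp/ram/sub rw,relatime shared:251 - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Return [(mount_point, shared_id or None)] from mountinfo text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue  # skip blank or malformed lines
        sep = fields.index("-")  # optional fields sit between field 6 and "-"
        shared = None
        for tag in fields[6:sep]:
            if tag.startswith("shared:"):
                shared = int(tag.split(":", 1)[1])
        mounts.append((fields[4], shared))
    return mounts

def classify(host_text, container_text):
    """Map each container mount point to external / internal / not shared."""
    host_groups = {gid for _, gid in parse_mountinfo(host_text) if gid is not None}
    result = {}
    for mount_point, gid in parse_mountinfo(container_text):
        if gid is None:
            result[mount_point] = "not shared"
        elif gid in host_groups:
            result[mount_point] = "external"   # a peer exists outside the namespace
        else:
            result[mount_point] = "internal"   # peers only inside the namespace
    return result

if __name__ == "__main__":
    print(classify(HOST, CT_INHERITED))
    print(classify(HOST, CT_RESHARED))
```

A mount reported as "external" propagates new mounts to the host namespace; one reported as "internal" does not.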

