[CRIU] mount: question about making external mounts private
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Jan 20 00:44:39 PST 2016

Thanks a lot for your answer, Tycho, it was very helpful!

On 01/19/2016 05:43 PM, Tycho Andersen wrote:
> Hi Pavel,
>
> On Tue, Jan 19, 2016 at 02:16:10PM +0300, Pavel Tikhomirov wrote:
>> Hi, all
>>
>> Andrey, Tycho, please help with my question: In resolve_external_mounts we
>> search for external matches for mounts. For a shared mount, if shared_id is
>> different for the mount and for the match, we mark this mount
>> "internal_sharing = true" to later remount it as a private mount. So why, in
>> such a case, do we make the mount private even if it was not private before
>> (was shared), and what does internal_sharing mean?
>
> The "internal" vs. "external" distinction refers to whether the peer
> is inside or outside the mount namespace of the container. e.g. if I
> do:
>
> mount -t tmpfs -o size=200m tmpfs /tmp/ram
> mount --make-shared /tmp/ram
> unshare -m
>
> /tmp/ram is an external mount, since there is a peer outside the
> namespace. By contrast:
>
> unshare -m
> mount -t tmpfs -o size=200m tmpfs /tmp/ram
> mount --make-shared /tmp/ram
> mount --bind /tmp/ram /tmp/ram2
>
> means that /tmp/ram2's sharing is internal.
>
> We make the mount private if it has only internal sharing in case some
> container did something like:
>
> mount -t tmpfs -o size=200m tmpfs /tmp/ram
> mount --make-shared /tmp/ram
> unshare -m
> mount --make-private /tmp/ram
> mount --make-shared /tmp/ram
> # subsequent mounts under /tmp/ram
>
> So that it is not still shared with the parent and the subsequent
> mounts show up only in the container and not in the host mount ns.
>
> Does that answer your question?
>
> Tycho
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
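
The internal/external distinction described in the quoted reply can be observed in the optional `shared:N` field of /proc/<pid>/mountinfo: a peer group ID that also appears in the host's mountinfo means a peer exists outside the container's mount namespace. The following is an added example, not part of the original message and not CRIU's code; the mountinfo samples are constructed and the function names are hypothetical.

```python
# Added example (not CRIU code): constructed mountinfo samples, hypothetical helper names.
HOST = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 0:35 / /tmp/ram rw,relatime shared:7 - tmpfs tmpfs rw,size=204800k
41 22 0:36 / /tmp/ext rw,relatime shared:8 - tmpfs tmpfs rw,size=204800k
"""
CONTAINER = """\
60 59 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
61 60 0:36 / /tmp/ext rw,relatime shared:8 - tmpfs tmpfs rw,size=204800k
62 60 0:35 / /tmp/ram rw,relatime shared:12 - tmpfs tmpfs rw,size=204800k
63 62 0:40 / /tmp/ram/sub rw,relatime shared:13 - tmpfs tmpfs rw
64 60 0:41 / /tmp/priv rw,relatime - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Map mount point -> (major:minor, peer group id or None)."""
    mounts = {}
    for line in filter(str.strip, text.splitlines()):
        # Optional fields (shared:N, master:N, ...) end at the " - " separator.
        fields = line.partition(" - ")[0].split()
        shared = None
        for tag in fields[6:]:
            if tag.startswith("shared:"):
                shared = int(tag.split(":", 1)[1])
        mounts[fields[4]] = (fields[2], shared)
    return mounts

def classify_sharing(container, host):
    """external: peer group also visible in the host namespace; internal: not."""
    host_groups = {sid for _, sid in host.values() if sid is not None}
    out = {}
    for mountpoint, (_, sid) in container.items():
        if sid is None:
            out[mountpoint] = "private"
        else:
            out[mountpoint] = "external" if sid in host_groups else "internal"
    return out

def diverged_from_host(container, host):
    """Shared mounts whose device exists on the host under another peer group."""
    host_by_dev = {dev: sid for dev, sid in host.values()}
    return sorted(mp for mp, (dev, sid) in container.items()
                  if sid is not None and dev in host_by_dev and host_by_dev[dev] != sid)

if __name__ == "__main__":
    c, h = parse_mountinfo(CONTAINER), parse_mountinfo(HOST)
    for mountpoint, kind in classify_sharing(c, h).items():
        print(f"{mountpoint:15} {kind}")
    print("re-shared after make-private:", diverged_from_host(c, h))
```

In the constructed container sample, /tmp/ram corresponds to the make-private then make-shared case from the reply: it has the same device as the host's /tmp/ram but a different peer group, so mounts created under it stay inside the container.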