jailer: Ensure that bindmounts are propagated into the root #1093

Merged
alxiord merged 2 commits into firecracker-microvm:master from mcastelino:topic/jailer_bindmount
May 20, 2019

@mcastelino
Contributor

User can bind mount into the chroot location.
This is needed as hard links cannot cross file system boundaries.
Copy is not always feasible (e.g. block devices).

Change the bind mount to be slave, such that host to jail bind
mounts are properly propagated. However we do not want to jail
to host events to propagate back.

Fixes: #1089

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mcastelino force-pushed the topic/jailer_bindmount branch 2 times, most recently from 42e4f4c to fc99e0d on May 16, 2019 15:10

petreeftime previously approved these changes May 17, 2019

User can bind mount into the chroot location.
This is needed as hard links cannot cross file system boundaries.
Copy is not always feasible (e.g. block devices).

Change the bind mount to be slave, such that host to jail bind
mounts are properly propagated. However we do not want to jail
to host events to propagate back.

Fixes: firecracker-microvm#1089

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
@alxiord alxiord merged commit bfaf26c into firecracker-microvm:master May 20, 2019
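
One way to check the propagation mode this PR describes, as an added example that is not part of the PR or of Firecracker's code: the function below reads `/proc/<pid>/mountinfo` text and reports whether a jail root is a slave mount (receives host events, sends none back). The sample lines and the `/srv/jail/...` paths are constructed, and mount points are assumed to contain no escaped characters such as `\040`.

```rust
#[derive(Debug, PartialEq)]
enum Propagation {
    Private,
    Shared,
    Slave,
    SharedSlave,
    Unbindable,
}

/// Propagation type of the mount at `mount_point`, or None if it is not mounted.
/// When a path is mounted over several times, the last (topmost) entry wins.
fn propagation_of(mountinfo: &str, mount_point: &str) -> Option<Propagation> {
    let mut found = None;
    for line in mountinfo.lines() {
        let fields: Vec<&str> = line.split_whitespace().collect();
        // Field 5 is the mount point; optional fields run from field 7 up to "-".
        if fields.len() < 7 || fields[4] != mount_point {
            continue;
        }
        let optional: Vec<&str> =
            fields[6..].iter().take_while(|f| **f != "-").cloned().collect();
        let shared = optional.iter().any(|f| f.starts_with("shared:"));
        let slave = optional.iter().any(|f| f.starts_with("master:"));
        let unbindable = optional.iter().any(|f| *f == "unbindable");
        found = Some(match (shared, slave, unbindable) {
            (_, _, true) => Propagation::Unbindable,
            (true, true, _) => Propagation::SharedSlave,
            (true, false, _) => Propagation::Shared,
            (false, true, _) => Propagation::Slave,
            _ => Propagation::Private,
        });
    }
    found
}

/// True only when host-to-jail events propagate and jail-to-host events do not.
fn jail_root_is_slave(mountinfo: &str, jail_root: &str) -> bool {
    propagation_of(mountinfo, jail_root) == Some(Propagation::Slave)
}

// Constructed sample: a shared host root, one slave jail root, one private jail root.
const SAMPLE: &str = "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n\
    95 22 8:1 /srv/jail/demo/root /srv/jail/demo/root rw master:1 - ext4 /dev/sda1 rw\n\
    96 22 8:1 /srv/jail/other/root /srv/jail/other/root rw - ext4 /dev/sda1 rw\n";

fn main() {
    for path in ["/srv/jail/demo/root", "/srv/jail/other/root"] {
        println!("{path}: slave = {}", jail_root_is_slave(SAMPLE, path));
    }
}
```

A private jail root (no `master:` tag) is the case where a bind mount made on the host after the jail is set up never becomes visible inside the jail.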
Development

Successfully merging this pull request may close these issues.

Jailer: Incorrect handling of bind mounts within the rootfs

4 participants