Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libct: Don't use stale mount fds #3518

Closed
wants to merge 2 commits into from
Closed

libct: Don't use stale mount fds #3518

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1723db7
libct: Don't use stale fds
rata Jun 20, 2022
7c5e68c
test/integration: Add test for stale fd
rata Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions libcontainer/rootfs_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,15 +60,16 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err
return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v. Slice: %v", len(config.Mounts), len(mountFds), mountFds)
}

mountConfig := &mountConfig{
root: config.Rootfs,
label: config.MountLabel,
cgroup2Path: iConfig.Cgroup2Path,
rootlessCgroups: iConfig.RootlessCgroups,
cgroupns: config.Namespaces.Contains(configs.NEWCGROUP),
}
setupDev := needsSetupDev(config)
for i, m := range config.Mounts {
mountConfig := &mountConfig{
root: config.Rootfs,
label: config.MountLabel,
cgroup2Path: iConfig.Cgroup2Path,
rootlessCgroups: iConfig.RootlessCgroups,
cgroupns: config.Namespaces.Contains(configs.NEWCGROUP),
}

// Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts).
// Therefore, we can access mountFds[i] without any concerns.
if mountFds != nil && mountFds[i] != -1 {
Expand Down
19 changes: 19 additions & 0 deletions tests/integration/userns.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,3 +64,22 @@ function teardown() {
runc exec test_busybox stat /tmp/mount-1/foo.txt /tmp/mount-2/foo.txt
[ "$status" -eq 0 ]
}

# To repro issue mentioned in: https://github.com/opencontainers/runc/pull/3510.
@test "userns with bind mount before a cgroupfs mount" {
# This can only be reproduced on cgroup v1 (and no cgroupns) due to the
# way it is mounted in such case (a bunch of of bind mounts).
requires cgroups_v1

# Add a bind mount right before the /sys/fs/cgroup mount,
# and make sure cgroupns is not enabled.
update_config ' .mounts |= map(if .destination == "/sys/fs/cgroup" then ({"source": "source-accessible/dir", "destination": "/tmp/mount-1", "options": ["bind"]}, .) else . end)
| .linux.namespaces -= [{"type": "cgroup"}]'

runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]

# Make sure this is real cgroupfs.
runc exec test_busybox cat /sys/fs/cgroup/{pids,memory}/tasks
[ "$status" -eq 0 ]
}