
Add bind mounts for running containers

Open giuseppe opened this issue 9 months ago • 6 comments

Feature request description

Add the ability to create bind mounts for running containers. It can be useful for debugging without having to recreate the container.

Suggest potential solution

I've not really tested whether there is anything blocking it in the kernel, but I guess this can be achieved by using the `open_tree` mount API to create the bind mount, then joining the target mount namespace and attaching the mount using `move_mount`.

giuseppe avatar Mar 21 '25 08:03 giuseppe
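The sequence proposed in the issue above (`open_tree` to clone the source, join the container's mount namespace, `move_mount` to attach), as an added C example that is not code from podman or crun. The name `add_bind_mount` and its signature are hypothetical; it assumes Linux 5.2 or later headers and a caller holding CAP_SYS_ADMIN over the target mount namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/mount.h>   /* OPEN_TREE_CLONE, MOVE_MOUNT_F_EMPTY_PATH */
#include <sched.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are assumptions): bind host path
 * src onto dst in the mount namespace of pid. Returns 0 or -errno. */
int add_bind_mount(pid_t pid, const char *src, const char *dst)
{
    char nspath[64];
    if (pid <= 0 || !src || !dst || src[0] != '/' || dst[0] != '/')
        return -EINVAL; /* absolute paths only */

    /* 1. Clone src into a detached mount while still in the host namespace. */
    int tree = (int)syscall(SYS_open_tree, AT_FDCWD, src,
                            OPEN_TREE_CLONE | O_CLOEXEC);
    if (tree < 0)
        return -errno;
    snprintf(nspath, sizeof nspath, "/proc/%d/ns/mnt", (int)pid);
    int ns = open(nspath, O_RDONLY | O_CLOEXEC);
    pid_t child = ns < 0 ? -1 : fork();
    if (child == 0) {
        /* 2. Join the container's mount namespace (child only, so the caller
         * keeps its own). 3. Attach the tree; dst is resolved in there, so
         * symlinks inside the container decide where it finally lands. */
        if (setns(ns, CLONE_NEWNS) < 0 ||
            syscall(SYS_move_mount, tree, "", AT_FDCWD, dst,
                    MOVE_MOUNT_F_EMPTY_PATH) < 0)
            _exit(errno & 0xff);
        _exit(0);
    }
    int status = 0, err = child < 0 ? errno : 0; /* open() or fork() failed */
    if (child > 0 && waitpid(child, &status, 0) < 0)
        err = errno;
    close(tree);
    if (ns >= 0)
        close(ns);
    if (err)
        return -err;
    /* The child reports its errno as the exit status. */
    return WIFEXITED(status) ? -WEXITSTATUS(status) : -ECHILD;
}
```

The bind is non-recursive and inherits the source mount's flags; a rootless container would additionally require joining its user namespace before the mount namespace.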

Duplicate of https://github.com/containers/podman/issues/22459?

Overall I still think this should be something that is done by the oci runtime not podman directly. Of course podman then still has to expose this, i.e. podman update --volume or whatever.

Luap99 avatar Mar 21 '25 10:03 Luap99

> Overall I still think this should be something that is done by the oci runtime not podman directly. Of course podman then still has to expose this, i.e. podman update --volume or whatever.

I am fine to do it in crun, it is trivial code, but how to expose it so that Podman can use it?

crun add-mount $CTR mount.json?

giuseppe avatar Mar 21 '25 10:03 giuseppe

Maybe expose this via crun update as new option there and hopefully get runc to support that too.

Though it raises the question: if we can add mounts, should we be able to remove mounts?

Luap99 avatar Mar 21 '25 10:03 Luap99

$OCI_RUNTIME update deals only with cgroup resources, so a newer command is cleaner in my opinion.

Removing mounts is the equivalent of joining the mount namespace and running umount, but sure, we can expose that as well to be uniform.

giuseppe avatar Mar 21 '25 11:03 giuseppe

Let's keep in mind how this impacts remote clients and the precedents. I am generally in favor of this as well.

baude avatar Mar 21 '25 14:03 baude

hacked something for crun, still WIP: https://github.com/containers/crun/pull/1699

giuseppe avatar Mar 21 '25 23:03 giuseppe

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Apr 21 '25 00:04 github-actions[bot]

Bump, would be nice to be able to reload Nix built containers instead of a restart.

MagicRB avatar May 08 '25 13:05 MagicRB

The feature for crun is merged; you could use it manually.

giuseppe avatar May 08 '25 14:05 giuseppe