Felix Abecassis
Let's see if changing the mount order breaks anything before tackling documentation.
Looks like `runc` only sets the parent mount of the rootfs to `slave`: https://github.com/opencontainers/runc/blob/master/libcontainer/rootfs_linux.go#L583-L609
I did an incredibly dirty test where I skipped `/run` in `remount_all_slave` and it then worked as expected for the initial case above. But it's not exactly what you're asking,...
Thinking about it more, it looks like this approach is better (slightly more fine-grained) but still has a major issue. Let's take the following example
```
lxc.mount.entry = /run/nvidia mnt/nvidia...
```
Any idea @brauner?
My understanding of what runc is doing today:
```sh
ROOTFS="/home/fabecassis/rootfs"
mount --make-private /home # Parent mount of the rootfs
mount --bind "${ROOTFS}" "${ROOTFS}"
mount --make-private "${ROOTFS}"
mount --bind "/home/fabecassis/test" "$ROOTFS/mnt/test"
...
```
Regarding the cost of `go-mtree`, yes that's what I found out too, that's why I pushed for `raw unpack` https://github.com/opencontainers/umoci/pull/239 But parallel extraction combined with overlayfs is also what we...
@cyphar what was the argument against doing simply file-level deduplication? I don't claim to know the typology of all docker images, but on our side (NVIDIA) we have a few...
@vbatts right, and that's what we use today combined with careful layering. I just wanted to clarify if there was a solution at this level, for the cases where you...