runc

Allow shared mounts by default

Open evanphx opened this issue 10 months ago • 3 comments

The current behavior disallows any mount having (r)shared on it because by default, the root is set with MS_SLAVE|MS_REC, which disallows sub-dirs from having a different propagation.

Projects have been working around this by setting the RootfsPropagation to "shared", to override the default (https://github.com/containerd/nerdctl/blob/main/pkg/mountutil/mountutil_linux.go#L185-L193).

This patch makes a reasonable attempt to make the functionality work without touching RootfsPropagation.

evanphx avatar Feb 27 '25 23:02 evanphx

Looking at the code I've edited, the code resets it to PRIVATE below. Can someone chime in on what the code setting to SLAVE is meant to do? Totally likely my change isn't right because I'm not sure I understand what the purpose of setting SLAVE is.

evanphx avatar Feb 28 '25 00:02 evanphx

Just curious, why not set the propagation you want for the rootfs in the config.json, as nerdctl is doing in the link you point to?

rata avatar Apr 02 '25 15:04 rata
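
As an added example (not code from runc, nerdctl or anyone in this thread): a small Go check that reads a config.json and lists the mounts requesting shared or rshared propagation while rootfsPropagation is not shared, which are the configs that need the override discussed above. The helper name and the sample config are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ociConfig models only the config.json fields this check reads.
type ociConfig struct {
	Mounts []struct {
		Destination string   `json:"destination"`
		Options     []string `json:"options"`
	} `json:"mounts"`
	Linux struct {
		RootfsPropagation string `json:"rootfsPropagation"`
	} `json:"linux"`
}

// SharedMountsNeedingOverride (hypothetical helper) returns the destinations
// of mounts that ask for shared or rshared propagation while the config's
// rootfsPropagation is not shared or rshared.
func SharedMountsNeedingOverride(raw []byte) ([]string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse config.json: %w", err)
	}
	if p := cfg.Linux.RootfsPropagation; p == "shared" || p == "rshared" {
		return nil, nil // rootfs already shared: nothing to flag
	}
	var out []string
	for _, m := range cfg.Mounts {
		for _, o := range m.Options {
			if o == "shared" || o == "rshared" {
				out = append(out, m.Destination)
				break // one hit per mount is enough
			}
		}
	}
	return out, nil
}

// Constructed sample: rootfsPropagation unset, one rshared bind mount.
const sampleConfig = `{"mounts":[
 {"destination":"/proc","type":"proc","source":"proc"},
 {"destination":"/data","type":"bind","source":"/srv/data","options":["rbind","rshared"]}],
 "linux":{}}`

func main() {
	dests, err := SharedMountsNeedingOverride([]byte(sampleConfig))
	fmt.Println(dests, err)
}
```

Running the same check over the configs a runtime generates also gives an inventory of which containers ask for shared propagation at all.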

Can someone chime in on what the code setting to SLAVE is meant to do?

I guess @kolyshkin or @cyphar are the right persons to answer this

rata avatar Apr 02 '25 15:04 rata