This repository has been archived by the owner on Mar 9, 2022. It is now read-only.

Merge pull request #872 from yanxuean/cri-1.0
[cherry-pick] support no_pivot option for runc
Random-Liu authored Aug 7, 2018
2 parents 90266f5 + 835cfc3 commit 57705f5
Showing 4 changed files with 17 additions and 2 deletions.
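--- a/docs/config.md
+++ b/docs/config.md
@@ -38,6 +38,9 @@ The explanation and default value of each configuration item are as follows:
 # snapshotter is the snapshotter used by containerd.
 snapshotter = "overlayfs"
 
+# no_pivot disables pivot-root (linux only), required when running a container in a RamDisk with runc
+no_pivot = false
+
 # "plugins.cri.containerd.default_runtime" is the runtime to use in containerd.
 [plugins.cri.containerd.default_runtime]
 # runtime_type is the runtime type to use in containerd e.g. io.containerd.runtime.v1.linux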
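--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -37,6 +37,8 @@ type ContainerdConfig struct {
 DefaultRuntime Runtime `toml:"default_runtime" json:"defaultRuntime"`
 // UntrustedWorkloadRuntime is a runtime to run untrusted workloads on it.
 UntrustedWorkloadRuntime Runtime `toml:"untrusted_workload_runtime" json:"untrustedWorkloadRuntime"`
+// NoPivot disables pivot-root (linux only), required when running a container in a RamDisk with runc
+NoPivot bool `toml:"no_pivot" json:"noPivot"`
 }
 
 // CniConfig contains toml config related to cni
@@ -132,6 +134,7 @@ func DefaultConfig() PluginConfig {
 Engine: "",
 Root: "",
 },
+NoPivot: false,
 },
 StreamServerAddress: "",
 StreamServerPort: "10010",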
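Review bot: The doc comment on the new `NoPivot` field in ContainerdConfig says when the option is required but not what it costs. With pivot-root disabled, runc is expected to fall back to a mount move plus chroot to confine the container to its rootfs, which is generally considered weaker isolation. Because the field sits beside DefaultRuntime and UntrustedWorkloadRuntime rather than inside Runtime, it appears to apply to untrusted workloads as well. I would extend the comment to `// NoPivot disables pivot-root (linux only). Only needed when the rootfs is on a RamDisk with runc; it weakens rootfs isolation for every runtime configured here, so keep it false otherwise.` The struct starts outside the hunk, so the Runtime definition is not visible here.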
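--- a/pkg/server/container_start.go
+++ b/pkg/server/container_start.go
@@ -108,7 +108,11 @@ func (c *criService) startContainer(ctx context.Context,
 return cntr.IO, nil
 }
 
-task, err := container.NewTask(ctx, ioCreation)
+var taskOpts []containerd.NewTaskOpts
+if c.config.NoPivot {
+taskOpts = append(taskOpts, containerd.WithNoPivotRoot)
+}
+task, err := container.NewTask(ctx, ioCreation, taskOpts...)
 if err != nil {
 return errors.Wrap(err, "failed to create containerd task")
 }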
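Review bot: The three lines that build `taskOpts` from `c.config.NoPivot` in startContainer are repeated verbatim in RunPodSandbox (pkg/server/sandbox_run.go), so any later task option or per-runtime condition has to be added in two places. If one site is missed, a pod's sandbox container and its workload containers would be created with different rootfs confinement. A small method on criService, for example `func (c *criService) taskOpts() []containerd.NewTaskOpts`, called as `container.NewTask(ctx, ioCreation, c.taskOpts()...)` at both sites, would keep them in step. Both function bodies start and end outside their hunks.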
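--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -293,8 +293,13 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
 // Create sandbox task in containerd.
 log.Tracef("Create sandbox container (id=%q, name=%q).",
 id, name)
+
+var taskOpts []containerd.NewTaskOpts
+if c.config.NoPivot {
+taskOpts = append(taskOpts, containerd.WithNoPivotRoot)
+}
 // We don't need stdio for sandbox container.
-task, err := container.NewTask(ctx, containerdio.NullIO)
+task, err := container.NewTask(ctx, containerdio.NullIO, taskOpts...)
 if err != nil {
 return status, errors.Wrap(err, "failed to create containerd task")
 }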
