
cmd/create, cmd/initContainer: Mount the devpts file system at runtime #1257

Open
wants to merge 2 commits into main
Conversation

debarshiray (Member)

Anything that's specified during podman create ... gets statically
baked into the container's configuration, and is either difficult or
impossible to change afterwards. This means that Toolbx containers
created with older versions of Toolbx keep diverging from those created
with newer versions, which makes it complicated to keep older
containers working with newer Toolbx.

Mounting the devpts file system at runtime as part of the Toolbx
container's entry point will make it possible to update the attributes
of the mount, if necessary, for both existing and newly created
containers.

For what it's worth, this does alter the mount options by removing
context.

With podman create --mount type=devpts,destination=/dev/pts it was:

  $ mount | grep
  ...
  devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,
    context="system_u:object_r:container_file_t:s0:c1022,c1023",
    gid=100005,mode=620,ptmxmode=666)

Now with mount -t devpts -o noexec,nosuid,gid=5,mode=620,ptmxmode=666
it is:

  $ mount | grep
  devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,
    gid=100005,mode=620,ptmxmode=666)

#1016
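One way to verify the options a container's /dev/pts actually ended up with, as an added example in Go that is not part of the Toolbx code: it parses `mount` output (sample lines constructed from the two cases quoted above, including the SELinux context value with its embedded comma), and reports every option that departs from nosuid, noexec, mode=620 and ptmxmode=666.

```go
package main
import (
	"fmt"
	"strings"
)

// Sample `mount` lines, constructed from the two cases in the pull request.
const mountStatic = `devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,context="system_u:object_r:container_file_t:s0:c1022,c1023",gid=100005,mode=620,ptmxmode=666)`
const mountRuntime = `devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=100005,mode=620,ptmxmode=666)`

// splitOptions splits on commas outside double quotes, because the SELinux
// context value contains one; FieldsFunc calls f once per rune, in order.
func splitOptions(s string) []string {
	quoted := false
	return strings.FieldsFunc(s, func(r rune) bool {
		if r == '"' {
			quoted = !quoted
		}
		return r == ',' && !quoted
	})
}

// devptsOptions maps each option of the devpts mount on /dev/pts to its value
// ("" for bare flags such as nosuid); nil when no such mount is listed.
func devptsOptions(mountOutput string) map[string]string {
	for _, line := range strings.Split(mountOutput, "\n") {
		if _, rest, ok := strings.Cut(line, "devpts on /dev/pts type devpts ("); ok {
			opts := map[string]string{}
			for _, o := range splitOptions(strings.TrimSuffix(rest, ")")) {
				kv := strings.SplitN(o, "=", 2)
				opts[kv[0]] = strings.Join(kv[1:], "")
			}
			return opts
		}
	}
	return nil
}

// checkDevpts lists deviations from what the entry point mounts with: nosuid,
// noexec, mode=620, ptmxmode=666 (gid varies per user namespace, not checked).
// A nil map, meaning nothing is mounted, fails every expectation.
func checkDevpts(opts map[string]string) (problems []string) {
	for _, w := range [][2]string{{"nosuid", ""}, {"noexec", ""}, {"mode", "620"}, {"ptmxmode", "666"}} {
		if got, ok := opts[w[0]]; !ok || got != w[1] {
			problems = append(problems, w[0]+"="+got+", want "+w[1])
		}
	}
	return problems
}
func main() { fmt.Println(checkDevpts(devptsOptions(mountStatic)), checkDevpts(devptsOptions(mountRuntime))) }
```

Run it inside a container against real `mount` output to confirm that a runtime-mounted devpts matches the static one in everything except the context option.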

@softwarefactory-project-zuul

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/81eeb3e3830440d38a358457a287d3b3

✔️ unit-test SUCCESS in 8m 52s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 44s
✔️ unit-test-restricted SUCCESS in 8m 11s
✔️ system-test-fedora-rawhide SUCCESS in 14m 47s
✔️ system-test-fedora-37 SUCCESS in 12m 17s
✔️ system-test-fedora-36 SUCCESS in 12m 24s

@softwarefactory-project-zuul

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/ba6a78ec9a234289a8b38f000b748dc5

✔️ unit-test SUCCESS in 8m 49s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 12s
✔️ unit-test-restricted SUCCESS in 8m 16s
✔️ system-test-fedora-rawhide SUCCESS in 14m 53s
✔️ system-test-fedora-37 SUCCESS in 12m 43s
✔️ system-test-fedora-36 SUCCESS in 12m 54s

@softwarefactory-project-zuul

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/e26ad70ae30b4421bffaa10524bde4c2

✔️ unit-test SUCCESS in 7m 26s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 15s
✔️ unit-test-restricted SUCCESS in 6m 56s
✔️ system-test-fedora-rawhide SUCCESS in 13m 24s
✔️ system-test-fedora-37 SUCCESS in 11m 00s
✔️ system-test-fedora-36 SUCCESS in 11m 18s
