From 813f0a22828602b9786d04d3787e539597a67f8c Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Mon, 3 Dec 2018 10:41:01 -0500 Subject: [PATCH] libcontainer to manage /dev and /proc (#4945) libcontainer already manages `/dev`, overriding task_dir - so let's use it for `/proc` as well and remove deadcode. --- client/allocdir/alloc_dir.go | 5 -- client/allocdir/fs_windows.go | 5 -- client/allocdir/task_dir.go | 10 +-- client/allocdir/task_dir_linux.go | 77 ----------------------- client/allocdir/task_dir_linux_test.go | 73 --------------------- client/allocdir/task_dir_nonlinux.go | 13 ---- drivers/shared/executor/executor_linux.go | 6 ++ 7 files changed, 7 insertions(+), 182 deletions(-) delete mode 100644 client/allocdir/task_dir_linux.go delete mode 100644 client/allocdir/task_dir_linux_test.go delete mode 100644 client/allocdir/task_dir_nonlinux.go diff --git a/client/allocdir/alloc_dir.go b/client/allocdir/alloc_dir.go index 793c5c81d..2e0e4a8a3 100644 --- a/client/allocdir/alloc_dir.go +++ b/client/allocdir/alloc_dir.go @@ -307,11 +307,6 @@ func (d *AllocDir) UnmountAll() error { fmt.Errorf("failed to remove the secret dir %q: %v", dir.SecretsDir, err)) } } - - // Unmount dev/ and proc/ have been mounted. - if err := dir.unmountSpecialDirs(); err != nil { - mErr.Errors = append(mErr.Errors, err) - } } return mErr.ErrorOrNil() diff --git a/client/allocdir/fs_windows.go b/client/allocdir/fs_windows.go index 845bd7767..466423e00 100644 --- a/client/allocdir/fs_windows.go +++ b/client/allocdir/fs_windows.go @@ -55,11 +55,6 @@ func MountSpecialDirs(taskDir string) error { return nil } -// unmountSpecialDirs unmounts the dev and proc file system from the chroot -func unmountSpecialDirs(taskDir string) error { - return nil -} - // getOwner doesn't work on Windows as Windows doesn't use int user IDs func getOwner(os.FileInfo) (int, int) { return idUnsupported, idUnsupported 
diff --git a/client/allocdir/task_dir.go b/client/allocdir/task_dir.go index 6595f82d9..9c4a602ae 100644 --- a/client/allocdir/task_dir.go +++ b/client/allocdir/task_dir.go @@ -148,16 +148,8 @@ func (t *TaskDir) Build(chrootCreated bool, chroot map[string]string, fsi cstruc func (t *TaskDir) buildChroot(chrootCreated bool, entries map[string]string) error { if !chrootCreated { // Link/copy chroot entries - if err := t.embedDirs(entries); err != nil { - return err - } + return t.embedDirs(entries) } - - // Mount special dirs - if err := t.mountSpecialDirs(); err != nil { - return err - } - return nil } diff --git a/client/allocdir/task_dir_linux.go b/client/allocdir/task_dir_linux.go deleted file mode 100644 index d8e62f49c..000000000 --- a/client/allocdir/task_dir_linux.go +++ /dev/null 
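Review bot: With the `mountSpecialDirs` call removed from `buildChroot`, a chroot built here no longer gets `/dev` or `/proc` unless the task is launched through a path that mounts them itself; the only replacement visible in this patch is the `/proc` entry added to `configureIsolation` in `executor_linux.go`. If any driver still uses the task directory as a chroot without going through libcontainer, it would now start without those filesystems, so that should be confirmed before merging. The matching `unmountSpecialDirs` call is also dropped from `UnmountAll`, which presumably leaves task directories built by an earlier client with the mounts still in place and no teardown path in this package. I would add a comment above the early return, for example `// /dev and /proc are mounted by the executor (libcontainer), not by TaskDir.`, so the split of responsibility is recorded where the mount used to be.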
@@ -1,77 +0,0 @@
-package allocdir
-
-import (
- "fmt"
- "os"
- "path/filepath"
- "syscall"
-
- "github.com/hashicorp/go-multierror"
-)
-
-// mountSpecialDirs mounts the dev and proc file system from the host to the
-// chroot
-func (t *TaskDir) mountSpecialDirs() error {
- // Mount dev
- dev := filepath.Join(t.Dir, "dev")
- if !pathExists(dev) {
- if err := os.Mkdir(dev, 0777); err != nil {
- return fmt.Errorf("Mkdir(%v) failed: %v", dev, err)
- }
- }
- devEmpty, err := pathEmpty(dev)
- if err != nil {
- return fmt.Errorf("error listing %q: %v", dev, err)
- }
- if devEmpty {
- if err := syscall.Mount("none", dev, "devtmpfs", syscall.MS_RDONLY, ""); err != nil {
- return fmt.Errorf("Couldn't mount /dev to %v: %v", dev, err)
- }
- }
-
- // Mount proc
- proc := filepath.Join(t.Dir, "proc")
- if !pathExists(proc) {
- if err := os.Mkdir(proc, 0777); err != nil {
- return fmt.Errorf("Mkdir(%v) failed: %v", proc, err)
- }
- }
- procEmpty, err := pathEmpty(proc)
- if err != nil {
- return fmt.Errorf("error listing %q: %v", proc, err)
- }
- if procEmpty {
- if err := syscall.Mount("none", proc, "proc", syscall.MS_RDONLY, ""); err != nil {
- return fmt.Errorf("Couldn't mount /proc to %v: %v", proc, err)
- }
- }
-
- return nil
-}
-
-// unmountSpecialDirs unmounts the dev and proc file system from the chroot. No
-// error is returned if the directories do not exist or have already been
-// unmounted.
-func (t *TaskDir) unmountSpecialDirs() error {
- errs := new(multierror.Error)
- dev := filepath.Join(t.Dir, "dev")
- if pathExists(dev) {
- if err := unlinkDir(dev); err != nil {
- errs = multierror.Append(errs, fmt.Errorf("Failed to unmount dev %q: %v", dev, err))
- } else if err := os.RemoveAll(dev); err != nil {
- errs = multierror.Append(errs, fmt.Errorf("Failed to delete dev directory %q: %v", dev, err))
- }
- }
-
- // Unmount proc.
- proc := filepath.Join(t.Dir, "proc")
- if pathExists(proc) {
- if err := unlinkDir(proc); err != nil {
- errs = multierror.Append(errs, fmt.Errorf("Failed to unmount proc %q: %v", proc, err))
- } else if err := os.RemoveAll(proc); err != nil {
- errs = multierror.Append(errs, fmt.Errorf("Failed to delete proc directory %q: %v", dev, err))
- }
- }
-
- return errs.ErrorOrNil()
-}
diff --git a/client/allocdir/task_dir_linux_test.go b/client/allocdir/task_dir_linux_test.go
deleted file mode 100644
index f3f9a7423..000000000
--- a/client/allocdir/task_dir_linux_test.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package allocdir
-
-import (
- "io/ioutil"
- "os"
- "path/filepath"
- "testing"
-
- "github.com/hashicorp/nomad/helper/testlog"
- "golang.org/x/sys/unix"
-)
-
-// TestLinuxSpecialDirs ensures mounting /dev and /proc works.
-func TestLinuxSpecialDirs(t *testing.T) {
- if unix.Geteuid() != 0 {
- t.Skip("Must be run as root")
- }
-
- allocDir, err := ioutil.TempDir("", "nomadtest-specialdirs")
- if err != nil {
- t.Fatalf("unable to create tempdir for test: %v", err)
- }
- defer os.RemoveAll(allocDir)
-
- td := newTaskDir(testlog.HCLogger(t), allocDir, "test")
-
- // Despite the task dir not existing, unmountSpecialDirs should *not*
- // return an error
- if err := td.unmountSpecialDirs(); err != nil {
- t.Fatalf("error removing nonexistent special dirs: %v", err)
- }
-
- // Mounting special dirs in a nonexistent task dir *should* return an
- // error
- if err := td.mountSpecialDirs(); err == nil {
- t.Fatalf("expected mounting in a nonexistent task dir %q to fail", td.Dir)
- }
-
- // Create the task dir like TaskDir.Build would
- if err := os.MkdirAll(td.Dir, 0777); err != nil {
- t.Fatalf("error creating task dir %q: %v", td.Dir, err)
- }
-
- // Mounting special dirs should now work and contain files
- if err := td.mountSpecialDirs(); err != nil {
- t.Fatalf("error mounting special dirs in %q: %v", td.Dir, err)
- }
- if empty, err := pathEmpty(filepath.Join(td.Dir, "dev")); empty || err != nil {
- t.Fatalf("expected dev to be populated but found: empty=%v error=%v", empty, err)
- }
- if empty, err := pathEmpty(filepath.Join(td.Dir, "proc")); empty || err != nil {
- t.Fatalf("expected proc to be populated but found: empty=%v error=%v", empty, err)
- }
-
- // Remounting again should be fine
- if err := td.mountSpecialDirs(); err != nil {
- t.Fatalf("error remounting special dirs in %q: %v", td.Dir, err)
- }
-
- // Now unmount
- if err := td.unmountSpecialDirs(); err != nil {
- t.Fatalf("error unmounting special dirs in %q: %v", td.Dir, err)
- }
- if pathExists(filepath.Join(td.Dir, "dev")) {
- t.Fatalf("dev was not removed from %q", td.Dir)
- }
- if pathExists(filepath.Join(td.Dir, "proc")) {
- t.Fatalf("proc was not removed from %q", td.Dir)
- }
- if err := td.unmountSpecialDirs(); err != nil {
- t.Fatalf("error re-unmounting special dirs in %q: %v", td.Dir, err)
- }
-}
diff --git a/client/allocdir/task_dir_nonlinux.go b/client/allocdir/task_dir_nonlinux.go
deleted file mode 100644
index e431587b9..000000000
--- a/client/allocdir/task_dir_nonlinux.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !linux
-
-package allocdir
-
-// currently a noop on non-Linux platforms
-func (d *TaskDir) mountSpecialDirs() error {
- return nil
-}
-
-// currently a noop on non-Linux platforms
-func (d *TaskDir) unmountSpecialDirs() error {
- return nil
-}
diff --git a/drivers/shared/executor/executor_linux.go b/drivers/shared/executor/executor_linux.go
index 1a6a5864d..989cea353 100644
--- a/drivers/shared/executor/executor_linux.go
+++ b/drivers/shared/executor/executor_linux.go
@@ -496,6 +496,12 @@ func configureIsolation(cfg *lconfigs.Config, command *ExecCommand) {
 Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME,
 Data: "mode=755",
 },
+ {
+ Source: "proc",
+ Destination: "/proc",
+ Device: "proc",
+ Flags: defaultMountFlags,
+ },
 {
 Source: "devpts",
 Destination: "/dev/pts",
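Review bot: The new `/proc` mount uses `Flags: defaultMountFlags`, while the `mountSpecialDirs` code this patch deletes mounted proc with `syscall.MS_RDONLY`; the definition of `defaultMountFlags` is outside this hunk, so it is worth confirming whether it carries a read-only flag. If it does not, the task would see a writable procfs, and the config should then restrict the sensitive entries, which libcontainer supports through `cfg.MaskPaths` and `cfg.ReadonlyPaths`. The patch also removes `TestLinuxSpecialDirs` without adding an executor test, so a test asserting that `/proc` is mounted inside the container with the intended flags would cover the behaviour that moved. `configureIsolation` starts and ends outside the hunk.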