From d03a5fee80f2f72da6a409f7ebc3b6caf21506e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= <harrymichal@seznam.cz>
Date: Sat, 3 Jul 2021 20:39:49 +0200
Subject: [PATCH] cmd/create: Expose the host's entire / in the container at
 /run/host

Having the entire host file system hierarchy mounted inside a toolbox
container gives the containers a more complete environment that's
resilient against future changes in the layout of the file system
hierarchy and the need for giving access to new paths to support new
use-cases. Otherwise, one would have to create a new container to get
access to any path that lies outside the /boot, /etc, /run, /tmp, /usr
and /var directories.

As a nice side-effect, this also simplifies the bind mount handling
code.

https://github.com/containers/toolbox/pull/827
---
 src/cmd/create.go | 29 +----------------------------
 1 file changed, 1 insertion(+), 28 deletions(-)

diff --git a/src/cmd/create.go b/src/cmd/create.go
index ff533c26db98..297b336f6382 100644
--- a/src/cmd/create.go
+++ b/src/cmd/create.go
@@ -265,28 +265,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	logrus.Debugf("%s canonicalized to %s", currentUser.HomeDir, homeDirEvaled)
 	homeDirMountArg := homeDirEvaled + ":" + homeDirEvaled + ":rslave"
 
-	bootMountFlags := "ro"
-	isBootReadWrite, err := isPathReadWrite("/boot")
-	if err != nil {
-		return err
-	}
-	if isBootReadWrite {
-		bootMountFlags = "rw"
-	}
-
-	bootMountArg := "/boot:/run/host/boot:" + bootMountFlags + ",rslave"
-
-	usrMountFlags := "ro"
-	isUsrReadWrite, err := isPathReadWrite("/usr")
-	if err != nil {
-		return err
-	}
-	if isUsrReadWrite {
-		usrMountFlags = "rw"
-	}
-
-	usrMountArg := "/usr:/run/host/usr:" + usrMountFlags + ",rslave"
-
 	var avahiSocketMount []string
 
 	avahiSocket, err := getServiceSocket("Avahi", "avahi-daemon.socket")
@@ -423,16 +401,11 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	createArgs = append(createArgs, []string{
 		"--userns", usernsArg,
 		"--user", "root:root",
-		"--volume", "/etc:/run/host/etc",
+		"--volume", "/:/run/host:rslave",
 		"--volume", "/dev:/dev:rslave",
-		"--volume", "/run:/run/host/run:rslave",
-		"--volume", "/tmp:/run/host/tmp:rslave",
-		"--volume", "/var:/run/host/var:rslave",
-		"--volume", bootMountArg,
 		"--volume", dbusSystemSocketMountArg,
 		"--volume", homeDirMountArg,
 		"--volume", toolboxPathMountArg,
-		"--volume", usrMountArg,
 		"--volume", runtimeDirectoryMountArg,
 	}...)
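Review bot: The added `"--volume", "/:/run/host:rslave"` line carries no explicit `ro`/`rw`, so the host's entire root is now exposed writable wherever the host itself has it writable, and nothing in the hunk says why the per-path read-only handling that the old `/boot` and `/usr` mounts had is no longer needed. Presumably read-only host mounts (for example a read-only `/usr` on an ostree-based host) stay read-only through the recursive bind because propagation carries the host's own mount options, but that is inferred rather than visible here, so a short comment above the volume list such as `// The host's / is bind-mounted at /run/host; read-only host mounts are expected to keep their flags through rslave propagation.` would record the assumption for the next reader. With the only visible callers of `isPathReadWrite` removed in the earlier hunk, that helper is likely dead code now unless it is used elsewhere in the file, which is worth checking in the same change. The `createContainer` body starts and ends outside the hunk.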
 
-- 
2.31.1