From: Mike Rapoport <rppt@kernel.org>
To: cgel.zte@gmail.com
Cc: mhiramat@kernel.org, viro@zeniv.linux.org.uk,
	keescook@chromium.org, samitolvanen@google.com, ojeda@kernel.org,
	johan@kernel.org, bhelgaas@google.com, elver@google.com,
	masahiroy@kernel.org, zhang.yunkai@zte.com.cn, axboe@kernel.dk,
	vgoyal@redhat.com, jack@suse.cz, leon@kernel.org,
	akpm@linux-foundation.org, linux@rasmusvillemoes.dk,
	palmerdabbelt@google.com, f.fainelli@gmail.com,
	wangkefeng.wang@huawei.com, rostedt@goodmis.org,
	ahalaney@redhat.com, valentin.schneider@arm.com,
	peterz@infradead.org, geert@linux-m68k.org,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	dong.menglong@zte.com.cn
Subject: Re: [PATCH v7 2/2] init/do_mounts.c: create second mount for initramfs
Date: Tue, 18 Jan 2022 09:41:02 +0200
Message-ID: <YeZvDrUexrOqvmnF@kernel.org>
In-Reply-To: <20220117134352.866706-3-zhang.yunkai@zte.com.cn>

On Mon, Jan 17, 2022 at 01:43:52PM +0000, cgel.zte@gmail.com wrote:
> From: Zhang Yunkai <zhang.yunkai@zte.com.cn>
> 
> If using container platforms such as Docker, upon initialization it
> wants to use pivot_root() so that currently mounted devices do not
> propagate to containers. An example of value in this is that
> a USB device connected prior to the creation of a container on the
> host gets disconnected after a container is created; if the
> USB device was mounted on containers, but already removed and
> umounted on the host, the mount point will not go away until all
> containers unmount the USB device.
> 
> Another reason for container platforms such as Docker to use pivot_root
> is that upon initialization the net-namespace is mounted under
> /var/run/docker/netns/ on the host by dockerd. Without pivot_root
> Docker must either wait to create the network namespace prior to
> the creation of containers or simply deal with leaking this to each
> container.
> 
> pivot_root is supported if the rootfs is an initrd or block device, but
> it's not supported if the rootfs uses an initramfs (tmpfs). This means
> container platforms today must resort to using block devices if
> they want to pivot_root from the rootfs. A workaround to use chroot()
> is not a clean viable option given every container will have a
> duplicate of every mount point on the host.

Sorry if this was already answered.

My understanding is that you have initramfs with docker installed on it and
with one or more container images packed there. And the desire is to use
this initramfs to run docker containers and for that you need to enable
pivot_root for initramfs.

Have you tried packing docker and the containers to a block image that can
be loop-mounted from the initramfs? Then you can chroot to that loop
mounted filesystem and there pivot_root will be available for docker.
 
> In order to support using container platforms such as Docker on
> all the supported rootfs types we must extend Linux to support
> pivot_root on initramfs as well. This patch does the work to do
> just that.

-- 
Sincerely yours,
Mike.
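
A check related to the discussion above, added here as an example and not part of the original message or the patch: it reads mountinfo text and reports whether "/" is still the kernel's rootfs (initramfs), the case in which pivot_root(2) returns EINVAL. The sample mount tables and function names are constructed for illustration.

```python
# Added example: inspect mountinfo text to see whether "/" is still the
# kernel's rootfs (initramfs), where pivot_root(2) fails with EINVAL.

# Constructed sample: system running directly from the initramfs.
SAMPLE_INITRAMFS = """\
1 1 0:2 / / rw - rootfs rootfs rw,size=1014240k
20 1 0:19 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

# Constructed sample: view after chroot into a loop-mounted ext4 image.
SAMPLE_LOOP = """\
25 1 7:0 / / rw,relatime - ext4 /dev/loop0 rw
26 25 0:19 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

# Constructed sample: rootfs listed first, block-device root stacked on it.
SAMPLE_STACKED = """\
1 1 0:2 / / rw - rootfs rootfs rw
24 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
"""


def parse_mountinfo(text):
    """Yield (mount_point, fstype, source, optional_fields) per line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # not a well-formed mountinfo line
        try:
            # Six fixed fields, then optional fields up to a lone "-".
            sep = fields.index("-", 6)
        except ValueError:
            continue
        yield fields[4], fields[sep + 1], fields[sep + 2], fields[6:sep]


def root_mount(text):
    """Return the entry for "/"; a later entry sits on top of an earlier one."""
    root = None
    for mnt in parse_mountinfo(text):
        if mnt[0] == "/":
            root = mnt
    return root


def pivot_root_usable(text):
    """False when "/" is rootfs, i.e. the process still runs on the initramfs."""
    root = root_mount(text)
    if root is None:
        raise ValueError("no mount entry for /")
    return root[1] != "rootfs"


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        print("pivot_root usable:", pivot_root_usable(f.read()))
```
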

Thread overview: 4+ messages
2022-01-17 13:43 [PATCH v7 0/2] init/initramfs.c: make initramfs support pivot_root cgel.zte
2022-01-17 13:43 ` [PATCH v7 1/2] init/main.c: introduce function ramdisk_exec_exist() cgel.zte
2022-01-17 13:43 ` [PATCH v7 2/2] init/do_mounts.c: create second mount for initramfs cgel.zte
2022-01-18  7:41   ` Mike Rapoport [this message]
