From 19662cfcd438ee14a6eebb35db0db33493739c4c Mon Sep 17 00:00:00 2001 From: Juan Hernandez Date: Wed, 7 Sep 2022 19:20:17 +0200 Subject: [PATCH] Don't use shared bind mounts Currently podman is invoked with options to mount both the workspace directory and some of the files it contains. For example, if the workspace is `/root`: ``` -v /root/.netrc:/root/.netrc:ro -v /root:/root:rw,shared ``` The workspace directory is mounted using the _shared_ option. This results in leaking mount points at an exponential rate, as descrived in this _podman_ issue (no closed, as it is the expected behaviour): https://github.com/containers/podman/issues/15671 This _shared_ option is not really needed. This patch removes it. Signed-off-by: Juan Hernandez
---
 skipper/runner.py | 2 +-
 tests/test_runner_podman.py | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/skipper/runner.py b/skipper/runner.py
index bc9958f..5f2e03f 100644
--- a/skipper/runner.py
+++ b/skipper/runner.py
@@ -138,7 +138,7 @@ def handle_volumes_bind_mount(docker_cmd, homedir, volumes, workspace):
 if utils.get_runtime_command() == utils.PODMAN:
 volumes.extend([
- '%(workspace)s:%(workspace)s:rw,shared' % dict(workspace=workspace),
+ '%(workspace)s:%(workspace)s:rw' % dict(workspace=workspace),
 '%s:/opt/skipper/skipper-entrypoint.sh:rw' % utils.get_extra_file("skipper-entrypoint.sh"),
 ])
 if os.path.exists('/var/run/docker.sock'):
diff --git a/tests/test_runner_podman.py b/tests/test_runner_podman.py
index a9ad1a1..4bd33cd 100644
--- a/tests/test_runner_podman.py
+++ b/tests/test_runner_podman.py
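Review bot: Nothing in the code now says why the workspace mount in the podman branch of handle_volumes_bind_mount carries no propagation option, so a later change could re-add `shared` and bring the mount-point leak back; a comment above the changed line would pin it, e.g. `# no 'shared' propagation: it leaks mount points, see https://github.com/containers/podman/issues/15671`. Without the option the mount falls back to the runtime's default propagation, which presumably means mounts created under the workspace on one side no longer appear on the other, so any nested-mount workflow that relied on that is worth checking before release. Separately, the context line right below still binds the entrypoint script with `:rw`; unless something in the container writes to it, `:ro` would stop a container process from altering the host-side copy, in line with the `:ro` single-file mounts visible in the test expectations. The function starts and ends outside the hunk.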
@@ -86,7 +86,7 @@ def test_run_simple_command_nested_network_exist(self, resource_filename_mock, c
 '-v', get_volume_mapping('%(homedir)s/.gitconfig:%(homedir)s/.gitconfig:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('%(homedir)s/.docker/config.json:%(homedir)s/.docker/config.json:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('/etc/docker:/etc/docker:ro'),
- '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw,shared' % dict(workdir=WORKDIR)),
+ '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw' % dict(workdir=WORKDIR)),
 '-v', get_volume_mapping('entrypoint.sh:/opt/skipper/skipper-entrypoint.sh:rw'),
 '-v', get_volume_mapping('/var/run/docker.sock:/var/run/docker.sock:rw'),
 '-v', get_volume_mapping('/var/lib/osmosis:/var/lib/osmosis:rw'),
@@ -127,7 +127,7 @@ def test_run_simple_command_nested_network_not_exist(self, resource_filename_moc
 '-v', get_volume_mapping('%(homedir)s/.gitconfig:%(homedir)s/.gitconfig:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('%(homedir)s/.docker/config.json:%(homedir)s/.docker/config.json:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('/etc/docker:/etc/docker:ro'),
- '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw,shared' % dict(workdir=WORKDIR)),
+ '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw' % dict(workdir=WORKDIR)),
 '-v', get_volume_mapping('entrypoint.sh:/opt/skipper/skipper-entrypoint.sh:rw'),
 '-v', get_volume_mapping('/var/run/docker.sock:/var/run/docker.sock:rw'),
 '-v', get_volume_mapping('/var/lib/osmosis:/var/lib/osmosis:rw'),
@@ -168,7 +168,7 @@ def test_run_complex_command_nested(self, resource_filename_mock, check_output_m
 '-v', get_volume_mapping('%(homedir)s/.gitconfig:%(homedir)s/.gitconfig:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('%(homedir)s/.docker/config.json:%(homedir)s/.docker/config.json:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('/etc/docker:/etc/docker:ro'),
- '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw,shared' % dict(workdir=WORKDIR)),
+ '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw' % dict(workdir=WORKDIR)),
 '-v', get_volume_mapping('entrypoint.sh:/opt/skipper/skipper-entrypoint.sh:rw'),
 '-v', get_volume_mapping('/var/run/docker.sock:/var/run/docker.sock:rw'),
 '-v', get_volume_mapping('/var/lib/osmosis:/var/lib/osmosis:rw'),
@@ -213,7 +213,7 @@ def test_run_non_existent_unauthorized_volume(self, resource_filename_mock,
 '-v', get_volume_mapping('%(homedir)s/.gitconfig:%(homedir)s/.gitconfig:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('%(homedir)s/.docker/config.json:%(homedir)s/.docker/config.json:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('/etc/docker:/etc/docker:ro'),
- '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw,shared' % dict(workdir=WORKDIR)),
+ '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw' % dict(workdir=WORKDIR)),
 '-v', get_volume_mapping('entrypoint.sh:/opt/skipper/skipper-entrypoint.sh:rw'),
 '-v', get_volume_mapping('/var/run/docker.sock:/var/run/docker.sock:rw'),
 '-v', get_volume_mapping('/var/lib/osmosis:/var/lib/osmosis:rw'),
@@ -256,7 +256,7 @@ def test_run_complex_command_nested_with_env(self, resource_filename_mock, check
 '-v', get_volume_mapping('%(homedir)s/.gitconfig:%(homedir)s/.gitconfig:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('%(homedir)s/.docker/config.json:%(homedir)s/.docker/config.json:ro' % dict(homedir=HOME_DIR)),
 '-v', get_volume_mapping('/etc/docker:/etc/docker:ro'),
- '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw,shared' % dict(workdir=WORKDIR)),
+ '-v', get_volume_mapping('%(workdir)s:%(workdir)s:rw' % dict(workdir=WORKDIR)),
 '-v', get_volume_mapping('entrypoint.sh:/opt/skipper/skipper-entrypoint.sh:rw'),
 '-v', get_volume_mapping('/var/run/docker.sock:/var/run/docker.sock:rw'),
 '-v', get_volume_mapping('/var/lib/osmosis:/var/lib/osmosis:rw'),