Merge pull request #818 from Random-Liu/cherrypick-#816

Fix double /dev/shm mount.
containerd · Jun 15, 2018 · 164ac36 · 164ac36
2 parents fb722f5 + 25b2e87
commit 164ac36
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
@@ -777,6 +777,10 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {
 		if mount.Destination == "/run" {
 			continue
 		}
+		// CRI plugin handles `/dev/shm` itself.
+		if mount.Destination == "/dev/shm" {
+			continue
+		}
 		mounts = append(mounts, mount)
 	}
 	spec.Mounts = mounts

diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go
@@ -388,6 +388,14 @@ func (c *criService) generateSandboxContainerSpec(id string, config *runtime.Pod
 		g.RemoveLinuxNamespace(string(runtimespec.IPCNamespace)) // nolint: errcheck
 	}
 
+	// It's fine to generate the spec before the sandbox /dev/shm
+	// is actually created.
+	sandboxDevShm := c.getSandboxDevShm(id)
+	if nsOptions.GetIpc() == runtime.NamespaceMode_NODE {
+		sandboxDevShm = devShm
+	}
+	g.AddBindMount(sandboxDevShm, devShm, []string{"rbind", "ro"})
+
 	selinuxOpt := securityContext.GetSelinuxOptions()
 	processLabel, mountLabel, err := initSelinuxOpts(selinuxOpt)
 	if err != nil {