--tmpfs defaults are not compatible with docker #3780

Closed
computator opened this issue Aug 11, 2019 · 6 comments · Fixed by #3805
Labels: kind/bug, locked - please file new issue/PR

@computator

/kind bug

The --tmpfs option (and probably --mount too) defaults to 64MB of space, whereas Docker's default size is unlimited according to this documentation of tmpfs-size.

In addition, Docker's --tmpfs doesn't allow any options, but podman's has several. I'm not too concerned about this one though since the tmpfs syntax for podman is a superset of Docker's.

Output of podman version:

podman version 1.4.4
openshift-ci-robot added the kind/bug label Aug 11, 2019
@rhatdan
Member

rhatdan commented Aug 12, 2019

@ashley-cui PTAL, just change the --tmpfs to not be confined to 64k.

@rhatdan
Member

rhatdan commented Aug 12, 2019

Or @computator if you want to take a stab at fixing it. PRs welcome...

@ashley-cui
Member

> @ashley-cui PTAL, just change the --tmpfs to not be confined to 64k.

@rhatdan should I just remove the default value for --tmpfs? How would I test this?

@ashley-cui
Member

ashley-cui commented Aug 13, 2019

@rhatdan When the --tmpfs flag is used in docker, no defaults are set. However, in podman, it automatically sets various defaults:

```
$ docker create --name test --tmpfs /a alpine
$ docker inspect test
...
"Tmpfs": {
    "/a": ""
}
$ podman create --name test --tmpfs /a alpine
$ podman inspect test
...
"Tmpfs": {
    "/a": "noexec,nosuid,nodev,rw,size=65536k,rprivate,tmpcopyup"
}
```

Should this also be fixed? I'm not really sure where the size and other defaults are used later in control flow, so I'm wary of how to manipulate it.

@mheon
Member

mheon commented Aug 13, 2019

Related: #3803

We set these defaults largely for security. I think that 65MB is a safe default that can be increased if required.

@rhatdan
Member

rhatdan commented Aug 13, 2019

I would remove the 65mb, since this is still controlled by the cgroup. The tmpfs space is < 50% of all available Memory for all tmpfs in the container (Memory cgroup).
The other flags should stay. I don't see a problem with nodev, nosuid. Perhaps we should eliminate noexec.
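
Added example (not part of the thread and not Podman's or Docker's own code): a Python check that reads `docker inspect` / `podman inspect` JSON and reports which tmpfs mounts lack the noexec, nosuid and nodev flags or a size= option, the defaults debated above. The sample JSON is constructed from the two excerpts in the thread, and the HostConfig nesting in it is an assumption; the code looks for a Tmpfs key at any depth.

```python
import json

HARDENING = ("noexec", "nosuid", "nodev")  # flags discussed in the thread
UNITS = {"k": 1024, "m": 1024**2, "g": 1024**3}

def size_bytes(value):
    """Convert a tmpfs size= value (bytes or k/m/g suffix) to bytes; None if relative (%)."""
    value = value.strip().lower()
    if value.endswith("%"):
        return None
    if value and value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)

def find_tmpfs(node):
    """Yield every "Tmpfs" mapping found anywhere in parsed inspect JSON."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Tmpfs" and isinstance(val, dict):
                yield val
            else:
                yield from find_tmpfs(val)
    elif isinstance(node, list):
        for item in node:
            yield from find_tmpfs(item)

def audit(inspect_json):
    """Return {mount path: [findings]} for each tmpfs mount in inspect output."""
    report = {}
    for tmpfs in find_tmpfs(json.loads(inspect_json)):
        for path, opts in tmpfs.items():
            parts = [o.strip() for o in (opts or "").split(",") if o.strip()]
            findings = [f"missing {f}" for f in HARDENING if f not in parts]
            sizes = [p[5:] for p in parts if p.startswith("size=")]
            if not sizes:
                findings.append("no size= option")
            elif size_bytes(sizes[-1]) is None:
                findings.append(f"relative size {sizes[-1]}")
            report[path] = findings
    return report

# Constructed samples mirroring the two inspect excerpts in the thread.
# The HostConfig nesting is an assumption; find_tmpfs() does not depend on it.
DOCKER_SAMPLE = '[{"HostConfig": {"Tmpfs": {"/a": ""}}}]'
PODMAN_SAMPLE = '[{"HostConfig": {"Tmpfs": {"/a": "noexec,nosuid,nodev,rw,size=65536k,rprivate,tmpcopyup"}}}]'

if __name__ == "__main__":
    for name, sample in (("docker", DOCKER_SAMPLE), ("podman", PODMAN_SAMPLE)):
        print(name, audit(sample))
```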

github-actions bot added the locked - please file new issue/PR label Sep 23, 2023
github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023