This repository has been archived by the owner on May 12, 2021. It is now read-only.

Mount the /tmp for guest rootfs on tmpfs. #1751

Closed
amshinde opened this issue May 30, 2019 · 12 comments
Labels
bug Incorrect behaviour

Comments

@amshinde
Member

We do not mount /tmp on tmpfs, I see that it is present on /dev/root itself. With the rootfs not being passed read-only, /tmp is no longer writeable.
We need to make sure that /tmp is writeable by mounting it on tmpfs.

@amshinde amshinde added the bug Incorrect behaviour label May 30, 2019
@grahamwhaley
Contributor

I'm wondering how our CI apt-get test (that looks for a known previous 9p issue) didn't trigger on this, as afaik it creates a bunch of /tmp/ files - unless it has some magic strategy to find some other writeable tmp space. Any idea @GabyCT?

@amshinde
Member Author

Due to this bug, we can no longer run Kata with podman. With podman passing /dev as tmpcopyup, libcontainer attempts to create temporary files under the guest /tmp and fails.
containers/podman#3229

@amshinde
Member Author

@grahamwhaley does the apt-get run inside the container? The container /tmp is mounted on tmpfs, but the guest /tmp is not.

@GabyCT
Contributor

GabyCT commented May 30, 2019

@amshinde here is the docker integration test that we have for apt-get:
https://github.com/kata-containers/tests/blob/master/integration/docker/package_manager_test.go#L54

@amshinde
Member Author

@GabyCT Thanks. Yeah, that should write to the container /tmp and not guest /tmp
cc @devimc
We added a fix for chrony to link /var/tmp to /tmp, so that we could write to /var/tmp, but looks like /tmp is not writable itself. (We do not have this issue in case of initrd since the agent mounts /tmp)

We can fix this by adding a /tmp entry under /etc/fstab maybe?
@grahamwhaley WDYT?

@devimc

devimc commented May 30, 2019

@amshinde

We can fix this by adding a /tmp entry under /etc/fstab maybe?

I'd prefer to have this in the agent

@amshinde
Member Author

@devimc Creating this in the agent might be quite late for services that need /tmp and need to run before the agent.
I suggest going forward, we let systemd handle the rootfs mounts when it is running as init and have agent handle the mounts when the agent is running as init.

@grahamwhaley
Contributor

@amshinde - oh, this is the /tmp inside the 'mini-OS' - the VM root that is outside the container - and not the /tmp inside the container/workload - right, got it!

@grahamwhaley
Contributor

fstab sounds like a nicer fix (from the pov of both timing and what you'd expect) for the systemd based rootfs.
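As an added example (not code from this issue or from the Kata agent/osbuilder repositories): a POSIX shell check that reads a /proc/self/mounts-style table and reports which mount actually backs the guest /tmp, so the "directory on a read-only /dev/root" case from this thread can be told apart from a dedicated writable tmpfs. The sample mount tables are constructed, and the fstab entry's mount options are an assumption, not the merged fix.

```shell
#!/bin/sh
# Added example, not from the Kata issue or repositories.

# tmp_mount_state MOUNTS_TEXT
# Prints "<mountpoint> <fstype> <rw|ro>" for the mount backing /tmp:
# a dedicated /tmp mount if one exists, otherwise the root mount that
# /tmp is just a directory on (the situation described in the issue).
tmp_mount_state() {
    printf '%s\n' "$1" | awk '
        $2 == "/tmp"             { mp = "/tmp"; fs = $3; opts = $4 }
        $2 == "/" && mp == ""    { mp = "/";    fs = $3; opts = $4 }
        END {
            if (mp == "") { print "none none none"; exit }
            mode = "ro"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "rw") mode = "rw"
            print mp, fs, mode
        }'
}

# tmp_is_tmpfs_rw MOUNTS_TEXT
# Succeeds only when /tmp is its own mount, of type tmpfs, mounted rw.
tmp_is_tmpfs_rw() {
    set -- $(tmp_mount_state "$1")
    [ "$1" = "/tmp" ] && [ "$2" = "tmpfs" ] && [ "$3" = "rw" ]
}

# Assumed fstab entry for the systemd-based rootfs (options are an
# assumption; nosuid/nodev and mode=1777 are the usual choices for /tmp).
TMP_FSTAB_LINE='tmpfs /tmp tmpfs defaults,nosuid,nodev,mode=1777 0 0'

# Constructed sample: guest from the issue, /tmp lives on a read-only root.
BROKEN_MOUNTS='/dev/root / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed sample: after the fix, /tmp is a dedicated writable tmpfs.
FIXED_MOUNTS='/dev/root / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# Stand-alone use: report the live system's state when a mount table is readable.
if [ -r /proc/self/mounts ]; then
    echo "live /tmp backing mount: $(tmp_mount_state "$(cat /proc/self/mounts)")"
fi
```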

@egernst
Member

egernst commented Jun 10, 2019

@amshinde any updates here? Sounds like you're making the applicable changes in the agent and osbuilder repositories?

@amshinde
Member Author

The os-builder PR has been merged @egernst. The agent PR is pending: kata-containers/agent#564

@amshinde
Member Author

Closing this, as both PRs on os-builder and agent have been merged.
