Proposal: Add mount hook

[hustcat]

Mount in runc contain PremountCmds and PostmountCmds fields.
Howerver, there are no corresponding fields in Mount of runtim-spec.

Mount hook is useful, I'd like to add it in runtime-spec, such as:

type Mount struct {
	// Destination is the path where the mount will be placed relative to the container's root.  The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point.
	Destination string `json:"destination"`
	// Type specifies the mount kind.
	Type string `json:"type"`
	// Source specifies the source path of the mount.  In the case of bind mounts on
	// Linux based systems this would be the file on the host.
	Source string `json:"source"`
	// Options are fstab style mount options.
	Options []string `json:"options,omitempty"`
        // Optional Command to be run before Source is mounted.
        PremountCmds []Hook `json:"premount,omitempty"`
        // Optional Command to be run after Source is mounted.
        PostmountCmds []Hook `json:"postmount,omitempty"`
}

[wking]

On Wed, Dec 14, 2016 at 08:16:20PM -0800, Ye Yin wrote: Mount hook is useful…

Can you give some example use-cases? As it stands, you're free to setup an external mount namespace any way you like and then set linux.namespaces[].path for the mount namespace to join your prepared namespace. The trade-off when landing something like pre-/post-mount hooks in the spec is whether the use cases it supports justify the increased complication for everyone else.

[hustcat]

There maybe lots of use-cases, and I give two examples here:
(1) According to this post, when we mount a new devps instance, we should change /dev/ptmx to be a symbolic link to pts/ptmx. We can use Postmount command to this, just do as here.

(2)I want to run systemd in container with cgroup enabled in container, when cgroupfs is mounted in container, I want to mkdir systemd in directory/sys/fs/cgroup of container, so that systemd can run successfully.
Now, I have to mount tmpfs at /sys/fs/cgroup of host, then mkdir /sys/fs/cgroup/systemd, then use -v /sys/fs/cgroup:/sys/fs/cgroup to bind mount to container, this is not a good idea. More about this, see here.

There maybe more...

[crosbymichael]

I don't think this belongs in the spec and should be left out. @mrunalp would know more though

[mrunalp]

@hustcat We have been able to use the pre-start hooks to manipulate the mounts as needed. PTAL at oci-systemd-hook. I don't think that we need additional mount hooks. A combination of pre-start hooks and create-start split should cover these use cases if not directly covered by passing the mounts to config.json.