Fix comment lines about the default mount propagation #159

AkihiroSuda · 2023-02-11T12:04:58Z

dockerd's default propagation is "rprivate", not "private": https://github.com/moby/moby/blob/v20.10.23/volume/mounts/linux_parser.go#L145

However, dockerd automatically changes the default propagation to "rslave" when the mount source contains the daemon root (/var/lib/docker):

This behavior was introduced in Docker 18.03 (moby/moby#36055).

A manifest for testing this:

---
apiVersion: v1
kind: Pod
metadata:
  name: propagation-test1
spec:
  containers:
    - name: sleep
      image: busybox
      command: ['sleep', 'infinity']
      volumeMounts:
        - mountPath: /mnt
          name: mnt
          mountPropagation: None
          # The mount propagation `None` is translated to:
          # - cri-dockerd v0.3.0, with Docker v20.10.23: rprivate
          # - containerd v1.6.15: rprivate
          # - CRI-O v1.24.1: rprivate
  volumes:
    - name: mnt
      hostPath:
        path: /mnt
---
apiVersion: v1
kind: Pod
metadata:
  name: propagation-test2
spec:
  containers:
    - name: sleep
      image: busybox
      command: ['sleep', 'infinity']
      volumeMounts:
        - mountPath: /mnt
          name: mnt
          mountPropagation: None
          # The mount propagation `None` is translated to:
          # - cri-dockerd v0.3.0, with Docker v20.10.23: rslave
          # - containerd v1.6.15: rprivate
          # - CRI-O v1.24.1: rprivate
          #
          # Docker changes the default propagation to "rslave",
          # because the mount source (`/`) contains `/var/lib/docker`.
          # - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes.go#L137-L143
          # - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes_linux.go#L11-L36
          #
          # This behavior was introduced in Docker 18.03: https://github.com/moby/moby/pull/36055
          #
          # containerd and CRI-O do not automatically change the propagation:
          # - https://github.com/containerd/containerd/blob/v1.6.15/pkg/cri/opts/spec_linux.go#L181
          # - https://github.com/cri-o/cri-o/blob/v1.24.1/server/container_create_linux.go#L967
  volumes:
    - name: mnt
      hostPath:
        path: /

dockerd's default propagation is "rprivate", not "private": https://github.com/moby/moby/blob/v20.10.23/volume/mounts/linux_parser.go#L145 However, dockerd automatically changes the default propagation to "rslave" when the mount source contains the daemon root (`/var/lib/docker`): - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes.go#L137-L143 - https://github.com/moby/moby/blob/v20.10.23/daemon/volumes_linux.go#L11-L36 This behavior was introduced in Docker 18.03 (moby/moby PR 36055). Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

AkihiroSuda mentioned this pull request Feb 11, 2023

mountPropagation: None equates to rprivate, not private kubernetes/website#39385

Merged

AkihiroSuda force-pushed the fix-propagation-comment branch from 6b2c871 to c708754 Compare February 11, 2023 12:20

AkihiroSuda force-pushed the fix-propagation-comment branch from c708754 to dafa7f8 Compare February 11, 2023 13:27

AkihiroSuda mentioned this pull request Feb 11, 2023

cri-api: fix comment lines about PROPAGATION_PRIVATE kubernetes/kubernetes#115704

Merged

neersighted approved these changes Feb 11, 2023

View reviewed changes

evol262 merged commit 6daf9ac into Mirantis:master Feb 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix comment lines about the default mount propagation #159

Fix comment lines about the default mount propagation #159

AkihiroSuda commented Feb 11, 2023 •

edited

Loading

Fix comment lines about the default mount propagation #159

Fix comment lines about the default mount propagation #159

Conversation

AkihiroSuda commented Feb 11, 2023 • edited Loading

AkihiroSuda commented Feb 11, 2023 •

edited

Loading