Automatically set may_detach_mounts=1 on startup
This is kernel config available in RHEL7.4 based kernels that enables mountpoint removal where the mountpoint exists in other namespaces. In particular this is important for making this pattern work: ``` umount -l /some/path rm -r /some/path ``` Where `/some/path` exists in another mount namespace. Setting this value will prevent `device or resource busy` errors when attempting to the removal of `/some/path` in the example. This setting is the default, and non-configurable, on upstream kernels since 3.15. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This commit is contained in:
Brian Goff
parent
c5c0702a4d
commit
83c2152de5
1 changed files with 33 additions and 1 deletions
|
|
@ -1297,7 +1297,39 @@ func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
|
|||
// setupDaemonProcess sets various settings for the daemon's process
|
||||
func setupDaemonProcess(config *config.Config) error {
|
||||
// setup the daemons oom_score_adj
|
||||
return setupOOMScoreAdj(config.OOMScoreAdjust)
|
||||
if err := setupOOMScoreAdj(config.OOMScoreAdjust); err != nil {
|
||||
return err
|
||||
}
|
||||
return setMayDetachMounts()
|
||||
}
|
||||
|
||||
// This is used to allow removal of mountpoints that may be mounted in other
|
||||
// namespaces on RHEL based kernels starting from RHEL 7.4.
|
||||
// Without this setting, removals on these RHEL based kernels may fail with
|
||||
// "device or resource busy".
|
||||
// This setting is not available in upstream kernels as it is not configurable,
|
||||
// but has been in the upstream kernels since 3.15.
|
||||
func setMayDetachMounts() error {
|
||||
f, err := os.OpenFile("/proc/sys/fs/may_detach_mounts", os.O_WRONLY, 0)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return nil
|
||||
}
|
||||
return errors.Wrap(err, "error opening may_detach_mounts kernel config file")
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
_, err = f.WriteString("1")
|
||||
if os.IsPermission(err) {
|
||||
// Setting may_detach_mounts does not work in an
|
||||
// unprivileged container. Ignore the error, but log
|
||||
// it if we appear not to be in that situation.
|
||||
if !rsystem.RunningInUserNS() {
|
||||
logrus.Debugf("Permission denied writing %q to /proc/sys/fs/may_detach_mounts", "1")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func setupOOMScoreAdj(score int) error {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue