We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Always mount a /run tmpfs in the container

All modern distros set up /run to be a tmpfs, see for instance:
https://wiki.debian.org/ReleaseGoals/RunDirectory

Its a very useful place to store pid-files, sockets and other things
that only live at runtime and that should not be stored in the image.

This is also useful when running systemd inside a container, as it
will try to mount /run if not already mounted, which will fail for
non-privileged container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Alexander Larsson 11 years ago
parent
30a40de205
commit
905795ece6
3 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      daemon/execdriver/lxc/lxc_template.go
  2. 1 0
      graph/graph.go
  3. 1 0
      pkg/libcontainer/mount/init.go

+ 1 - 0
daemon/execdriver/lxc/lxc_template.go
View File 

@@ -90,6 +90,7 @@ lxc.pivotdir = lxc_putold
 
 # We cannot mount them directly read-only, because that would prevent loading AppArmor profiles.
 
 lxc.mount.entry = proc {{escapeFstabSpaces $ROOTFS}}/proc proc nosuid,nodev,noexec 0 0
 
 lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0
 
+lxc.mount.entry = tmpfs {{escapeFstabSpaces $ROOTFS}}/run tmpfs nosuid,nodev,noexec 0 0
 
 
 {{if .Tty}}
 
 lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0

+ 1 - 0
graph/graph.go
View File 

@@ -254,6 +254,7 @@ func SetupInitLayer(initLayer string) error {
 
 		"/dev/pts":         "dir",
 
 		"/dev/shm":         "dir",
 
 		"/proc":            "dir",
 
+		"/run":             "dir",
 
 		"/sys":             "dir",
 
 		"/.dockerinit":     "file",
 
 		"/.dockerenv":      "file",

+ 1 - 0
pkg/libcontainer/mount/init.go
View File 

@@ -156,6 +156,7 @@ func newSystemMounts(rootfs, mountLabel string, mounts libcontainer.Mounts) []mo
 
 		{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags},
 
 		{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)},
 
 		{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)},
 
+		{source: "tmpfs", path: filepath.Join(rootfs, "run"), device: "tmpfs", flags: defaultMountFlags},
 
 	}
 
 
 	if len(mounts.OfType("devtmpfs")) == 1 {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5