From 051d51b22212bb570998e8cf3593036177c4a647 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 10 Aug 2023 15:33:06 +0200 Subject: [PATCH] c8d/export: Use ref counted mounter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To prevent mounting the container rootfs in a rw mode if it's already mounted. This can't use `mount.WithReadonlyTempMount` because the archive code does a chroot with a pivot_root, which creates a new directory in the rootfs. Signed-off-by: Paweł Gronowski --- daemon/containerd/image_exporter.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/daemon/containerd/image_exporter.go b/daemon/containerd/image_exporter.go index bb6011ee67..9a663e4479 100644 --- a/daemon/containerd/image_exporter.go +++ b/daemon/containerd/image_exporter.go @@ -12,7 +12,6 @@ import ( "github.com/containerd/containerd/images/archive" "github.com/containerd/containerd/leases" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" cplatforms "github.com/containerd/containerd/platforms" "github.com/docker/distribution/reference" "github.com/docker/docker/container" @@ -30,7 +29,13 @@ func (i *ImageService) PerformWithBaseFS(ctx context.Context, c *container.Conta if err != nil { return err } - return mount.WithTempMount(ctx, mounts, fn) + path, err := i.refCountMounter.Mount(mounts, c.ID) + if err != nil { + return err + } + defer i.refCountMounter.Unmount(path) + + return fn(path) } // ExportImage exports a list of images to the given output stream. The