Skip to content

linux: attempt to make rootfs private too#1520

Merged
giuseppe merged 4 commits intocontainers:mainfrom
giuseppe:improve-make-parent-private
Aug 13, 2024
Merged

linux: attempt to make rootfs private too#1520
giuseppe merged 4 commits intocontainers:mainfrom
giuseppe:improve-make-parent-private

Conversation

@giuseppe
Copy link
Member

@giuseppe giuseppe commented Aug 12, 2024

commit 6682432 introduced the regression. After that change, crun does not attempt anymore to make the rootfs directory private but starts from its parent directory, causing pivot_root to fail when the rootfs itself is a mountpoint.

Closes: #1514

@packit-as-a-service
Copy link

packit-as-a-service bot commented Aug 12, 2024

We were not able to find or create Copr project packit/containers-crun-1520 specified in the config with the following error:

Packit received HTTP 500 Internal Server Error from Copr Service. Check the Copr status page: https://copr.fedorainfracloud.org/status/stats/, or ask for help in Fedora Build System matrix channel https://matrix.to/#/#buildsys:fedoraproject.org.

Unless the HTTP status code above is >= 500, please check your configuration for:

  1. typos in owner and project name (groups need to be prefixed with @)
  2. whether the project name doesn't contain not allowed characters (only letters, digits, underscores, dashes and dots must be used)
  3. whether the project itself exists (Packit creates projects only in its own namespace)
  4. whether Packit is allowed to build in your Copr project
  5. whether your Copr project/group is not private

@giuseppe
Copy link
Member Author

giuseppe commented Aug 12, 2024

please don't merge until we confirm it fixes #1514

@giuseppe giuseppe mentioned this pull request Aug 12, 2024
Closed
@giuseppe
linux: fix error message
f23aaa1 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
container: fix comment
109f1e9 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
linux: attempt to make rootfs private too
c6ecb3b 
commit 6682432 introduced the
regression.  After that change, crun does not attempt anymore to make
the rootfs directory private but starts from its parent directory,
causing pivot_root to fail when the rootfs itself is a mountpoint.

Closes: containers#1514

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the improve-make-parent-private branch from 28f456c to 99be8c9 Compare August 13, 2024 14:00
@giuseppe giuseppe marked this pull request as ready for review August 13, 2024 14:00
@giuseppe
Copy link
Member Author

giuseppe commented Aug 13, 2024

rebased, I'll merge once CI passes

@giuseppe
NEWS: tag 1.16.1
afa829c 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the improve-make-parent-private branch from 99be8c9 to afa829c Compare August 13, 2024 14:21
flouthoc
flouthoc approved these changes Aug 13, 2024
View reviewed changes
Copy link
Collaborator

@flouthoc flouthoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rhatdan
Copy link
Member

rhatdan commented Aug 13, 2024

LGTM

@giuseppe giuseppe merged commit 26c7687 into containers:main Aug 13, 2024
@majamassarini majamassarini mentioned this pull request Aug 14, 2024
Merged
@FrostyX FrostyX mentioned this pull request Aug 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flouthoc flouthoc flouthoc approved these changes

+1 more reviewer

@saschagrunert saschagrunert saschagrunert approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

4 participants

@giuseppe @rhatdan @saschagrunert @flouthoc