Commit a6c4f38

libcontainer/specconv/spec_linux: defaults should not be a no-op
It has been since it landed in 9fac183 (Initial commit of runc binary, 2015-06-21), but the spec currently references mount(8) for these options [1] and mount(8) has:

    defaults
        Use the default options: rw, suid, dev, exec, auto, nouser, and async.

        Note that the real set of all default mount options depends on kernel and filesystem type. See the beginning of this section for more details.

I expect that "real set" paragraph applies to:

    Note that filesystems also have per-filesystem specific default mount options (see for example tune2fs -l output for extN filesystems).

This commit sets up 'defaults' according to that option list, but does not do anything about 'auto' or 'nouser', which do not map to MS_* flags and only apply to fstab entries.

For what it's worth, util-linux 2.28.2 seems to ignore 'defaults' instead of clearing bits:

    # strace -o /tmp/trace mount -t tmpfs -o ro,defaults - /tmp/a
    # grep 'mount(' /tmp/trace
    mount("-", "/tmp/a", "tmpfs", MS_MGC_VAL|MS_RDONLY, NULL) = 0

While a single-bit clear option does unset an earlier bit:

    # strace -o /tmp/trace mount -t tmpfs -o ro,rw - /tmp/a
    # grep 'mount(' /tmp/trace
    mount("-", "/tmp/a", "tmpfs", MS_MGC_VAL, NULL) = 0

but the spec is currently punting to the util-linux mount(8) page and not to the util-linux implementation.

[1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.0-rc5/config.md#L68
[2]: http://man7.org/linux/man-pages/man8/mount.8.html#FILESYSTEM-INDEPENDENT_MOUNT%20OPTIONS

Signed-off-by: W. Trevor King <[email protected]>
1 parent 2daa115 commit a6c4f38

1 file changed

+1
-1
lines changed

libcontainer/specconv/spec_linux.go

Lines changed: 1 addition & 1 deletion
@@ -641,7 +641,7 @@ func parseMountOptions(options []string) (int, []int, string, int) {
641641
"async": {true, syscall.MS_SYNCHRONOUS},
642642
"atime": {true, syscall.MS_NOATIME},
643643
"bind": {false, syscall.MS_BIND},
644-
"defaults": {false, 0},
644+
"defaults": {true, syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_RDONLY | syscall.MS_SYNCHRONOUS },
645645
"dev": {true, syscall.MS_NODEV},
646646
"diratime": {true, syscall.MS_NODIRATIME},
647647
"dirsync": {false, syscall.MS_DIRSYNC},
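
Review bot: The new "defaults" entry on line 644 clears MS_RDONLY, MS_NOSUID, MS_NODEV and MS_NOEXEC (reading the first field as the clear flag, as the neighbouring "async" and "dev" entries suggest), so its effect now depends on where it sits in the options list. If options are applied in order, a list such as ["ro", "nosuid", "defaults"] ends up read-write with setuid honoured, whereas the commit message shows util-linux 2.28.2 keeping MS_RDONLY for -o ro,defaults. Configs written with the util-linux behaviour in mind would lose those hardening flags silently. Please document the order dependence next to the table and add a test covering "defaults" both before and after "ro", "nosuid", "nodev" and "noexec", or keep "defaults" as a no-op until the spec states which behaviour is intended. Minor: there is a stray space before the closing brace in `syscall.MS_SYNCHRONOUS }`, which gofmt will remove.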
