Use OverflayFS instead of bind mounts #164
Comments
|
@Infinoid thanks for reporting this. Yes, I indeed added the creation of empty files/directories in order to have a target for the bind mount. I think we have two options:
|
|
I like the overlayfs idea. Another option would be to make the file in /tmp, and then bind-mount that. I've been very focused on this one |
|
I think there are two problems with making changes to /etc, even temporarily:
|
I agree. We should not touch
No, that wouldnt work. As we need to have a file/directory in place at the target site ( I would like to focus on the OverlayFS approach. I made a simple test on my machine with promising results. |
stv0g
changed the title
|
My initial PoC for using OverlayFS has stalled as I ran into two blocking issues:
For these reasons, I have decided that I will stick with the the bind mount points and revert my previous changes which created empty targets directories & files. By Gont's current defaults, we are only attempting to bind mount the following (patched) files:
We may even skip the bind mounts and just show a small warning? Or nothing at all. Using an OverlayFS might still be benefitial in some use cases. However, those are probably better addressed by using a proper container runtime. Supporting those better is now on the agenda (see #5). |
PR #162 fixed a bug where executing a command in a Node failed to bind-mount a nonexistent file. However, it fixes this by creating an empty file and then bind-mounting those. After this, iproute2 will see the empty file and behave differently, running on a Node or running natively.
The iproute2 package recently (v6.5.0) changed to not install config files in
/etc/iproute2. Instead, it puts default configs in/usr/share/iproute2, leaving/etc/iproute2for system administrators who want to override those defaults.[Note: The path
/usr/share/iproute2depends on the build configuration. That is where the Debian package puts it; other builds may have different paths.]Gont tries to bind-mount the
/etc/iproute2/groupfile into a mount namespace. If it can't find the file, it creates an empty one. This effectively overrides the defaults in /usr/share/iproute2.This function in the iproute2 sources tries to open the file in /etc. If it doesn't find one, it tries to open the default file in /usr instead. The file in /etc prevents it from looking in /usr.
So, on a machine which has never run gont:
groupconfig0 defaultOn that same machine, after gont ran:
groupconfigI don't know exactly what happens when iproute2 has no groups. But its configuration has changed, and that's the bug.
What do you think about leaving it unmounted, instead? If a native process doesn't see the file, it uses the default instead. I think the same process running in a mount namespace will also use the default, and that's what we want.
The text was updated successfully, but these errors were encountered: