docs/daemon
Vivek Goyal e076bccb45 Make overlay home dir Private mount
People have reported following issue with overlay

$ docker run -ti --name=foo -v /dev/:/dev fedora bash
$ docker cp foo:/bin/bash /tmp
$ exit container

Upon container exit, /dev/pts gets unmounted too. This happens because
docker cp volume mounts get propagated to /run/docker/libcontainer/....
and when container exits, it must be tearing down mount point under
/run/docker/libcontainerd/... and as these are "shared" mounts it
propagates events to /dev/pts and it gets unmounted too.

One way to solve this problem is to make sure "docker cp" volume mounts
don't become visible under /run/docker/libcontainerd/..

Here are more details of what is actually happening.

Make overlay home directory (/var/lib/docker/overlay) private mount when
docker starts and unmount it when docker stops. Following is the reason
to do it.

In fedora and some other distributions / is "shared". That means when
docker creates a container and mounts its root in /var/lib/docker/overlay/...
that mount point is "shared".

Looks like after that containerd/runc bind mounts that rootfs into
/runc/docker/libcontainerd/container-id/rootfs. And this puts both source
and destination mount points in shared group and they both are set up
to propagate mount events to each other.

Later when "docker cp" is run it sets up container volumes under
/var/lib/docker/overlay/container-id/... And all these mounts propagate
to /runc/docker/libcontainerd/... Now mountVolumes() makes these new
mount points private but by that time propagation already has happened
and private only takes effect when unmount happens.

So to stop this propagation of volumes by docker cp, make
/var/lib/docker/overlay a private mount point. That means when a container
rootfs is created, that mount point will be private too (it will inherit
property from parent). And that means when bind mount happens in /runc/
dir, overlay mount point will not propagate mounts to /runc/.

Other graphdrivers like devicemapper are already doing it and they don't
face this issue.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2016-04-18 21:48:09 +00:00
caps Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
events Compare event nanoseconds properly to filter since a specific date. 2016-03-08 17:07:58 -05:00
exec Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
graphdriver Make overlay home dir Private mount 2016-04-18 21:48:09 +00:00
links Replace usage of pkg/nat with go-connections/nat. 2015-12-22 13:31:46 -05:00
logger enable syslog logger to have access to env and labels 2016-04-08 19:50:18 -05:00
network Remove runconfig package dependency from image and container routers. 2016-03-28 16:23:51 -04:00
apparmor_default.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
apparmor_default_unsupported.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
archive.go Fix copy chown settings to not default to real root 2016-02-18 14:44:13 -08:00
archive_unix.go Remove package daemonbuilder. 2016-02-01 09:57:38 -08:00
archive_windows.go Windows: Remove TP4 support from main code 2016-04-06 12:12:20 -07:00
attach.go Let client print error when specify wrong detach keys 2016-04-04 15:35:55 +08:00
changes.go
commit.go Remove reference package dependency from the api. 2016-04-07 15:01:23 -07:00
config.go Merge pull request #21687 from allencloud/fix-typos 2016-03-31 14:18:31 -07:00
config_experimental.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
config_stub.go
config_test.go add validating configs from configuration file 2016-03-16 00:05:52 +08:00
config_unix.go Windows: bridgeConfig rework 2016-03-28 12:24:01 -07:00
config_windows.go Windows: bridgeConfig rework 2016-03-28 12:24:01 -07:00
container_operations.go Merge pull request #21816 from estesp/case-of-the-missing-else 2016-04-07 17:01:30 -07:00
container_operations_unix.go all: remove some unused funcs and variables 2016-04-06 10:40:01 -07:00
container_operations_windows.go Merge pull request #21809 from Microsoft/jjh/tp4removal 2016-04-06 14:11:33 -07:00
create.go Fix N+1 calling `Path()` on `volume ls` 2016-04-12 20:30:34 -04:00
create_unix.go Merge pull request #21270 from ehazlett/resource-labels 2016-03-22 15:12:33 -04:00
create_windows.go Windows: Remove TP4 support from main code 2016-04-06 12:12:20 -07:00
daemon.go Merge pull request #21904 from yongtang/21848-stats-connected-containers 2016-04-12 10:28:05 -07:00
daemon_experimental.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
daemon_linux.go Fix container mount cleanup issues 2016-03-30 17:25:49 -07:00
daemon_linux_test.go Fix container mount cleanup issues 2016-03-30 17:25:49 -07:00
daemon_stub.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
daemon_test.go add label support for build, networks and volumes 2016-03-22 11:49:06 -04:00
daemon_unix.go Merge pull request #20924 from Microsoft/10662-CPUResourceControls 2016-04-15 08:14:59 +02:00
daemon_unix_test.go Consolidate security options to use `=` as separator. 2016-03-17 13:34:42 -04:00
daemon_unsupported.go
daemon_windows.go Merge pull request #20924 from Microsoft/10662-CPUResourceControls 2016-04-15 08:14:59 +02:00
debugtrap_unix.go
debugtrap_unsupported.go
debugtrap_windows.go Windows: psignal alias not required 2016-03-27 17:23:34 -07:00
delete.go Merge pull request #21802 from tiborvass/carry-21716 2016-04-06 15:21:38 -04:00
delete_test.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
discovery.go fix typos 2016-03-11 23:22:16 +08:00
discovery_test.go Fix minor vet warnings 2016-02-03 10:43:01 -08:00
errors.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
events.go Add the possibility to log event with specific attributes 2016-01-17 12:14:01 +01:00
events_test.go Add the possibility to log event with specific attributes 2016-01-17 12:14:01 +01:00
exec.go Let client print error when specify wrong detach keys 2016-04-04 15:35:55 +08:00
exec_linux.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
exec_windows.go Windows: escape entrypoint before passing to libcontainerd 2016-03-30 12:59:50 -07:00
export.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
image_delete.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
image_pull.go Remove reference package dependency from the api. 2016-04-07 15:01:23 -07:00
image_push.go Remove reference package dependency from the api. 2016-04-07 15:01:23 -07:00
image_tag.go Remove reference package dependency from the api. 2016-04-07 15:01:23 -07:00
images.go Fix image filter 2016-01-14 08:17:40 +00:00
import.go Remove reference package dependency from the api. 2016-04-07 15:01:23 -07:00
info.go Show "seccomp" in docker info (#20909). 2016-03-30 09:23:15 +00:00
inspect.go Fix N+1 calling `Path()` on `volume ls` 2016-04-12 20:30:34 -04:00
inspect_unix.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
inspect_windows.go Windows libcontainerd implementation 2016-03-18 13:38:41 -07:00
kill.go Fix critical bug: can't restart a restarting container 2016-04-08 22:02:30 +08:00
links.go Add migration from sqlite links back to hostConfig 2016-01-11 11:31:29 -05:00
links_test.go Extract container store from the daemon. 2016-01-19 13:21:41 -05:00
list.go Fix N+1 calling `Path()` on `volume ls` 2016-04-12 20:30:34 -04:00
list_unix.go
list_windows.go
logdrivers_linux.go daemon/logger: Add logging driver for Google Cloud Logging 2016-03-01 08:06:10 -08:00
logdrivers_windows.go Windows: Add ETW logging driver plug-in 2016-02-16 13:24:49 -08:00
logs.go use router.Cancellable instead of direct CloseNotify 2016-03-25 11:33:54 -07:00
monitor.go Merge pull request #21839 from WeiZhang555/add-start-event 2016-04-08 17:52:22 -07:00
monitor_linux.go Adding postRunProcessing infrastructure for handling Windows Update. 2016-04-06 14:03:05 -07:00
monitor_windows.go Adding postRunProcessing infrastructure for handling Windows Update. 2016-04-06 14:03:05 -07:00
mounts.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
network.go Remove runconfig package dependency from image and container routers. 2016-03-28 16:23:51 -04:00
oci_linux.go Add support for setting sysctls 2016-04-12 13:37:31 -04:00
oci_windows.go Merge pull request #20924 from Microsoft/10662-CPUResourceControls 2016-04-15 08:14:59 +02:00
pause.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
rename.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
resize.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
restart.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
seccomp_disabled.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
seccomp_linux.go Reuse profiles/seccomp package 2016-03-19 14:15:39 -07:00
selinux_linux.go
selinux_unsupported.go
start.go Add missing "start" event back for auto-restart container 2016-04-08 11:40:32 +08:00
stats.go use router.Cancellable instead of direct CloseNotify 2016-03-25 11:33:54 -07:00
stats_collector_unix.go Fix docker stats missing memory limit 2016-04-07 22:09:07 -04:00
stats_collector_windows.go
stop.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
top_unix.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
top_windows.go Windows: Minimal docker top implementation 2016-03-20 16:45:53 -07:00
unpause.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
update.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
update_linux.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
update_windows.go Windows libcontainerd implementation 2016-03-18 13:38:41 -07:00
volumes.go Fix N+1 calling `Path()` on `volume ls` 2016-04-12 20:30:34 -04:00
volumes_unit_test.go
volumes_unix.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
volumes_windows.go Remove unneeded references to execDriver 2016-03-21 13:06:08 -07:00
wait.go