| ba1725a9 |
// +build !windows
|
| 4f0d95fa |
package daemon // import "github.com/docker/docker/daemon" |
| ba1725a9 |
import ( |
| 7318eba5 |
"fmt" |
| ba1725a9 |
"os" |
| 81fa9feb |
"sort" |
| 9d12d093 |
"strconv" |
| dc712b92 |
"strings" |
| ba1725a9 |
|
| 6bb0d181 |
"github.com/docker/docker/container" |
| 934328d8 |
"github.com/docker/docker/pkg/fileutils"
"github.com/docker/docker/pkg/mount" |
| 6a70fd22 |
volumemounts "github.com/docker/docker/volume/mounts" |
| ba1725a9 |
)
|
| 72c04ab8 |
// setupMounts iterates through each of the mount points for a container and
// calls Setup() on each. It also looks to see if is a network mount such as
// /etc/resolv.conf, and if it is not, appends it to the array of mounts. |
| 9c4570a9 |
func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {
var mounts []container.Mount |
| 756f6cef |
// TODO: tmpfs mounts should be part of Mountpoints
tmpfsMounts := make(map[string]bool) |
| 18768fdc |
tmpfsMountInfo, err := c.TmpfsMounts()
if err != nil {
return nil, err
}
for _, m := range tmpfsMountInfo { |
| 756f6cef |
tmpfsMounts[m.Destination] = true
} |
| 9c4570a9 |
for _, m := range c.MountPoints { |
| 756f6cef |
if tmpfsMounts[m.Destination] {
continue
} |
| 9c4570a9 |
if err := daemon.lazyInitializeVolume(c.ID, m); err != nil { |
| aab35963 |
return nil, err |
| 2aa673ae |
} |
| 7318eba5 |
// If the daemon is being shutdown, we should not let a container start if it is trying to
// mount the socket the daemon is listening on. During daemon shutdown, the socket
// (/var/run/docker.sock by default) doesn't exist anymore causing the call to m.Setup to
// create at directory instead. This in turn will prevent the daemon to restart. |
| 6a70fd22 |
checkfunc := func(m *volumemounts.MountPoint) error { |
| 7318eba5 |
if _, exist := daemon.hosts[m.Source]; exist && daemon.IsShuttingDown() {
return fmt.Errorf("Could not mount %q to container while the daemon is shutting down", m.Source)
}
return nil
}
|
| 93fbdb69 |
path, err := m.Setup(c.MountLabel, daemon.idMappings.RootPair(), checkfunc) |
| 81fa9feb |
if err != nil {
return nil, err
} |
| 9c4570a9 |
if !c.TrySetNetworkMount(m.Destination, path) {
mnt := container.Mount{ |
| 6bd389b9 |
Source: path,
Destination: m.Destination,
Writable: m.RW, |
| 6d98e344 |
Propagation: string(m.Propagation), |
| a2dc4f79 |
} |
| 9d12d093 |
if m.Volume != nil {
attributes := map[string]string{
"driver": m.Volume.DriverName(), |
| 9c4570a9 |
"container": c.ID, |
| 9d12d093 |
"destination": m.Destination,
"read/write": strconv.FormatBool(m.RW), |
| 6d98e344 |
"propagation": string(m.Propagation), |
| 9d12d093 |
}
daemon.LogVolumeEvent(m.Volume.Name(), "mount", attributes)
} |
| a2dc4f79 |
mounts = append(mounts, mnt) |
| 6bd389b9 |
} |
| b9e4b957 |
} |
| 81fa9feb |
mounts = sortMounts(mounts) |
| 9c4570a9 |
netMounts := c.NetworkMounts() |
| 442b4562 |
// if we are going to mount any of the network files from container
// metadata, the ownership must be set properly for potential container
// remapped root (user namespaces) |
| 93fbdb69 |
rootIDs := daemon.idMappings.RootPair() |
| 442b4562 |
for _, mount := range netMounts { |
| 42716dcf |
// we should only modify ownership of network files within our own container
// metadata repository. If the user specifies a mount path external, it is
// up to the user to make sure the file has proper ownership for userns
if strings.Index(mount.Source, daemon.repository) == 0 {
if err := os.Chown(mount.Source, rootIDs.UID, rootIDs.GID); err != nil {
return nil, err
} |
| 442b4562 |
}
}
return append(mounts, netMounts...), nil |
| b9e4b957 |
}
|
| 72c04ab8 |
// sortMounts sorts an array of mounts in lexicographic order. This ensure that
// when mounting, the mounts don't shadow other mounts. For example, if mounting
// /etc and /etc/resolv.conf, /etc/resolv.conf must not be mounted first. |
| 9c4570a9 |
func sortMounts(m []container.Mount) []container.Mount { |
| 81fa9feb |
sort.Sort(mounts(m))
return m
} |
| b9e4b957 |
|
| a7e686a7 |
// setBindModeIfNull is platform specific processing to ensure the
// shared mode is set to 'z' if it is null. This is called in the case
// of processing a named volume and not a typical bind. |
| 6a70fd22 |
func setBindModeIfNull(bind *volumemounts.MountPoint) { |
| a7e686a7 |
if bind.Mode == "" {
bind.Mode = "z" |
| 47c56e43 |
}
} |
| dc712b92 |
|
| 934328d8 |
func (daemon *Daemon) mountVolumes(container *container.Container) error {
mounts, err := daemon.setupMounts(container)
if err != nil {
return err
}
for _, m := range mounts {
dest, err := container.GetResourcePath(m.Destination)
if err != nil {
return err
}
var stat os.FileInfo
stat, err = os.Stat(m.Source)
if err != nil {
return err
}
if err = fileutils.CreateIfNotExists(dest, stat.IsDir()); err != nil {
return err
}
opts := "rbind,ro"
if m.Writable {
opts = "rbind,rw"
}
if err := mount.Mount(m.Source, dest, bindMountType, opts); err != nil {
return err
}
// mountVolumes() seems to be called for temporary mounts
// outside the container. Soon these will be unmounted with
// lazy unmount option and given we have mounted the rbind,
// all the submounts will propagate if these are shared. If
// daemon is running in host namespace and has / as shared
// then these unmounts will propagate and unmount original
// mount as well. So make all these mounts rprivate.
// Do not use propagation property of volume as that should
// apply only when mounting happen inside the container.
if err := mount.MakeRPrivate(dest); err != nil {
return err
}
}
return nil
} |