Browse code
daemon: init container rootfs at end of create
Build up the full container config and do all the bookkeeping that can
be done before initializing the container's RWLayer, rootfs and mounts
so the comparatively expensive filesystem operations do not need to be
performed then reverted if the container creation fails due to a problem
with the container configuration.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Cory Snider authored on 2026/05/08 04:09:20Showing 1 changed files
| ... | ... |
@@ -227,22 +227,6 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts |
| 227 | 227 |
|
| 228 | 228 |
ctr.ImageManifest = imgManifest |
| 229 | 229 |
|
| 230 |
- // Set RWLayer for container after mount labels have been set |
|
| 231 |
- rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping.RootPair())) |
|
| 232 |
- if err != nil {
|
|
| 233 |
- return nil, errdefs.System(err) |
|
| 234 |
- } |
|
| 235 |
- ctr.RWLayer = rwLayer |
|
| 236 |
- |
|
| 237 |
- cuid := os.Getuid() |
|
| 238 |
- _, gid := daemon.IdentityMapping().RootPair() |
|
| 239 |
- if err := user.MkdirAndChown(ctr.Root, 0o710, cuid, gid); err != nil {
|
|
| 240 |
- return nil, err |
|
| 241 |
- } |
|
| 242 |
- if err := user.MkdirAndChown(ctr.CheckpointDir(), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 243 |
- return nil, err |
|
| 244 |
- } |
|
| 245 |
- |
|
| 246 | 230 |
if err := daemon.registerLinks(ctr); err != nil {
|
| 247 | 231 |
return nil, err |
| 248 | 232 |
} |
| ... | ... |
@@ -268,6 +252,23 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts |
| 268 | 268 |
if err := daemon.registerMountPoints(ctr, opts.params.DefaultReadOnlyNonRecursive); err != nil {
|
| 269 | 269 |
return nil, err |
| 270 | 270 |
} |
| 271 |
+ |
|
| 272 |
+ // Set RWLayer for container after mount labels have been set |
|
| 273 |
+ rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping.RootPair())) |
|
| 274 |
+ if err != nil {
|
|
| 275 |
+ return nil, errdefs.System(err) |
|
| 276 |
+ } |
|
| 277 |
+ ctr.RWLayer = rwLayer |
|
| 278 |
+ |
|
| 279 |
+ cuid := os.Getuid() |
|
| 280 |
+ _, gid := daemon.IdentityMapping().RootPair() |
|
| 281 |
+ if err := user.MkdirAndChown(ctr.Root, 0o710, cuid, gid); err != nil {
|
|
| 282 |
+ return nil, err |
|
| 283 |
+ } |
|
| 284 |
+ if err := user.MkdirAndChown(ctr.CheckpointDir(), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 285 |
+ return nil, err |
|
| 286 |
+ } |
|
| 287 |
+ |
|
| 271 | 288 |
if err := daemon.createContainerVolumesOS(ctx, ctr, opts.params.Config); err != nil {
|
| 272 | 289 |
return nil, err |
| 273 | 290 |
} |