From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Ignat Korchagin <ignat@cloudflare.com>,
viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: kernel-team@cloudflare.com
Subject: Re: [PATCH] mnt: add support for non-rootfs initramfs
Date: Thu, 05 Mar 2020 13:09:10 -0800
Message-ID: <1583442550.3927.47.camel@HansenPartnership.com>
In-Reply-To: <20200305193511.28621-1-ignat@cloudflare.com>

On Thu, 2020-03-05 at 19:35 +0000, Ignat Korchagin wrote:
> The main need for this is to support container runtimes on stateless
> Linux system (pivot_root system call from initramfs).
>
> Normally, the task of initramfs is to mount and switch to a "real"
> root filesystem. However, on stateless systems (booting over the
> network) it is just convenient to have your "real" filesystem as
> initramfs from the start.
>
> This, however, breaks different container runtimes, because they
> usually use pivot_root system call after creating their mount
> namespace. But pivot_root does not work from initramfs, because
> initramfs runs from rootfs, which is the root of the mount tree and
> can't be unmounted.

Can you say more about why this is a problem? We use pivot_root to
pivot from the initramfs rootfs to the newly discovered and mounted
real root ... the same mechanism should work for a container (mount
namespace) running from initramfs ... why doesn't it?

The sequence usually looks like: create and enter a mount namespace,
build a tmpfs for the container in some $root directory then do

    cd $root
    mkdir old-root
    pivot_root . old-root
    mount --make-rprivate /old-root
    umount -l /old-root
    rmdir /old-root

Once that's done you're disconnected from the initramfs root. The
sequence is really no accident because it's what the initramfs would
have done to pivot to the new root anyway (that's where container
people got it from).

James
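
Added example, not part of the message above or of the patch: a pre-flight check for that sequence. It parses a mountinfo table to test the condition the quoted patch description names ("/" still on rootfs, where pivot_root(2) returns EINVAL) and that $root is a mount point; the function names and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mount tables (not captured from a real host).
# Case 1: the initramfs is the root filesystem, so "/" is rootfs.
SAMPLE_INITRAMFS='1 1 0:2 / / rw - rootfs rootfs rw
20 1 0:19 / /proc rw,relatime - proc proc rw
25 1 0:24 / /run/ctr rw,relatime - tmpfs tmpfs rw'
# Case 2: rootfs overmounted by a disk root carrying an optional field.
SAMPLE_DISK='1 1 0:2 / / rw - rootfs rootfs rw
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
25 22 0:24 / /run/ctr rw,relatime - tmpfs tmpfs rw'

# Print the filesystem type of the topmost mount at "/".
# mountinfo: field 5 is the mount point; the type follows the "-"
# separator, whose position varies with the optional fields.
# Later lines overmount earlier ones, so the last match wins.
root_fstype() {
    awk '$5 == "/" {
        for (i = 7; i <= NF; i++)
            if ($i == "-") { fs = $(i + 1); break }
    }
    END { if (fs == "") exit 1; print fs }' "${1:-/proc/self/mountinfo}"
}

# pivot_precheck NEWROOT [MOUNTINFO]
# Returns 0 if the pivot_root sequence can be attempted, 1 if "/" is
# rootfs, 2 if NEWROOT is not a mount point, 3 if no "/" mount is listed.
pivot_precheck() {
    newroot=$1 info=${2:-/proc/self/mountinfo}
    fs=$(root_fstype "$info") || { echo "no mount found at /" >&2; return 3; }
    if [ "$fs" = rootfs ]; then
        echo "/ is rootfs: pivot_root will fail with EINVAL" >&2
        return 1
    fi
    if ! awk -v m="$newroot" '$5 == m { found = 1 } END { exit !found }' "$info"
    then
        echo "$newroot is not a mount point" >&2
        return 2
    fi
}
```

Inside the new mount namespace, run pivot_precheck "$root" before the cd $root step; with no second argument it reads /proc/self/mountinfo.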