--mount type=glob does not preserve symlinks
#20098
Comments
|
Assigning to @giuseppe who has some ideas on how to preserve symlinks. |
|
my comment was unclear, but I don't think we need to change the semantics of how mounts work. If we want to preserve symlinks we need a "copy" option. In any case, I am not able to look into it in the near future, so unassigning myself. |
|
@giuseppe, can you elaborate on the "copy" idea? Maybe somebody else can tackle the issue but I want to make sure it's clear what to do. So in addition to |
|
the mount semantic in Linux is to always follow symlinks for the source, and it makes sense somehow since the symlink could point to a path not present in the new namespace as well as anyway we still need to create the symlink inode before mounting on top of it, so it makes sense to just create it with the right content. Maybe it could just be an option for the mount command, e.g. and when Podman encounters it, it creates the symlink inside the rootfs inside of adding a mount for the OCI runtime. This must be handled directly from Podman, there is no need to extend the OCI runtime for doing the copy IMO. |
That sounds fairly straight-forward. I'd even vote to always re-create symlinks for |
|
I agree. |
|
I had another chat with @giuseppe on this issue. We settled on adding a new mount option that will work for all mount types, not only the glob one. |
|
@rhatdan @giuseppe - the below tests reveals some behavior I don't yet grasp. I somehow expected diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats
index 4452a5aa59cf..b4afacb5b6aa 100644
--- a/test/system/060-mount.bats
+++ b/test/system/060-mount.bats
@@ -308,4 +308,32 @@ EOF
fi
}
+@test "podman mount preserve symlinks" {
+ dir=$PODMAN_TMPDIR/sub-dir
+ data_file=$PODMAN_TMPDIR/sub-dir/data
+ link=$PODMAN_TMPDIR/sub-dir/link
+
+ mkdir $dir
+ random_host="on_the_host_$(random_string 15)"
+ random_img="on_the_image_$(random_string 15)"
+ echo "$random_host" > $data_file
+ ln -s $data_file $link
+
+ dockerfile=$PODMAN_TMPDIR/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN echo $random_img > /tmp/data
+EOF
+
+ img="localhost/preserve:symlinks"
+ run_podman build -t $img -f $dockerfile
+
+ run_podman run --mount type=bind,src=$dir/link,dst=/tmp/link --rm --privileged $img cat /tmp/link
+ assert "$output" = "$random_host" "by default, symlink is resolved on the host"
+ run_podman run --mount type=glob,src=$dir/lin*,dst=/tmp/link --rm --privileged $img cat /tmp/link
+ assert "$output" = "$random_host" "by default, symlink is resolved on the host"
+
+ run_podman rmi -f $img
+}
+ |
|
The failure I see is Replacing Does that help? |
|
Thanks, @edsantiago. I will continue digging. Something seems off/broken in the glob mounts. |
|
The behavior I'm seeing looks 100% correct. The simplest way I can describe it is, assuming this: You cannot just mount file
Does that make sense? |
|
makes perfect sense, thanks Ed! Juggling too many things atm. |
|
GLOB and direct path should be exactly the same. |
|
@rhatdan agreed. The confusion was on my end. Ed's explanation makes quite some sense. If I have |
|
A friendly reminder that this issue had no activity for 30 days. |
Add a new `no-dereference` mount option supported by crun 1.11+ to re-create/copy a symlink if it's the source of a mount. By default the kernel will resolve the symlink on the host and mount the target. As reported in containers#20098, there are use cases where the symlink structure must be preserved by all means. Fixes: containers#20098 Fixes: issues.redhat.com/browse/RUN-1935 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Broken out of #20000:
Here's an example.
I'm using this line in my module file to do the
globmount:Here are our target libraries on the host system:
Here are the mounted libraries inside the container running with my gpu module:
We'd like the existing symlinks to be preserved.
Originally posted by @lastephey in #20000 (comment)
The text was updated successfully, but these errors were encountered: