//go:build !windows
// +build !windows
package rootless
import (
"fmt"
"os"
"path/filepath"
"strings"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
// setupMounts prepares the filesystem view used in rootless mode: it clears a
// fixed set of rootful paths, redirects a fixed set of system directories to
// subdirectories of stateDir via setupMount, and makes sure /dev/kmsg can be
// opened.
//
// It returns the first error from setupMount (wrapped with the mount pair) or
// from the /dev/kmsg bind mount (unwrapped).
func setupMounts(stateDir string) error {
	// Remove symlinks to the rootful files, so that we can create our own files.
	// os.RemoveAll deletes whatever is at the path (recursively for a
	// directory), and its error is deliberately discarded: this is best-effort.
	for _, stale := range []string{
		"/var/run/netns",
		"/run/containerd",
		"/run/xtables.lock",
	} {
		_ = os.RemoveAll(stale)
	}

	// Each entry maps a system path to the per-user directory bound over it.
	type bindPair struct {
		target string
		source string
	}
	pairs := []bindPair{
		{"/var/log", filepath.Join(stateDir, "logs")},
		{"/var/lib/cni", filepath.Join(stateDir, "cni")},
		{"/var/lib/kubelet", filepath.Join(stateDir, "kubelet")},
		{"/etc/rancher", filepath.Join(stateDir, "etc", "rancher")},
	}
	for _, p := range pairs {
		if err := setupMount(p.target, p.source); err != nil {
			return errors.Wrapf(err, "failed to setup mount %s => %s", p.target, p.source)
		}
	}

	devKmsg, openErr := os.Open("/dev/kmsg")
	if openErr == nil {
		// Already readable; nothing to substitute.
		devKmsg.Close()
		return nil
	}

	// kubelet requires /dev/kmsg to be readable
	// https://github.com/rootless-containers/usernetes/issues/204
	// https://github.com/rootless-containers/usernetes/pull/214
	//
	// Any open failure takes this path, not only a permission error, so the
	// log message below is a guess at the cause rather than a diagnosis.
	logrus.Debugf("`kernel.dmesg_restrict` seems to be set, bind-mounting /dev/null into /dev/kmsg")
	return unix.Mount("/dev/null", "/dev/kmsg", "none", unix.MS_BIND, "")
}
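// setupMount makes target available as a directory and, when dir is
// non-empty, bind-mounts dir on top of it.
//
// Starting at target it walks up the path until os.MkdirAll accepts an
// ancestor (one that already exists or can be created), mounts a fresh tmpfs
// on that ancestor, and then creates target inside the tmpfs. Everything that
// was visible under the chosen ancestor is hidden by the tmpfs for this mount
// namespace.
//
// target is expected to be an absolute path. An error is returned when the
// walk reaches "/" (or "." for a relative target) without finding a usable
// ancestor, or when any mkdir/mount step fails. Directories are created with
// mode 0700.
func setupMount(target, dir string) error {
	toCreate := target
	for {
		// filepath.Dir bottoms out at "/" for absolute paths and at "." for
		// relative ones. Stopping on both keeps the loop finite and ensures a
		// tmpfs is never mounted over the root or the working directory.
		if toCreate == "/" || toCreate == "." {
			// Report the top-level component. Splitting an absolute path on
			// "/" yields an empty first element, so drop the leading slash
			// before taking element 0.
			top := strings.Split(strings.TrimPrefix(filepath.Clean(target), "/"), "/")[0]
			return fmt.Errorf("missing /%s on the root filesystem", top)
		}

		if err := os.MkdirAll(toCreate, 0700); err == nil {
			break
		}

		// Step to the parent directory. filepath.Base would return only the
		// last path element ("cni" for "/var/lib/cni"), which is a path
		// relative to the working directory: the tmpfs would then be mounted
		// on an unrelated directory and the walk would never reach "/".
		toCreate = filepath.Dir(toCreate)
	}

	// NOTE(review): the tmpfs is mounted with flags 0 and no options, so
	// MS_NOSUID/MS_NODEV and a size limit are not set — confirm that is
	// intended for these directories.
	logrus.Debug("Mounting none ", toCreate, " tmpfs")
	if err := unix.Mount("none", toCreate, "tmpfs", 0, ""); err != nil {
		return errors.Wrapf(err, "failed to mount tmpfs to %s", toCreate)
	}

	// Recreate the full target path inside the freshly mounted tmpfs.
	if err := os.MkdirAll(target, 0700); err != nil {
		return errors.Wrapf(err, "failed to create directory %s", target)
	}

	// An empty dir means the caller only wants the writable tmpfs directory.
	if dir == "" {
		return nil
	}

	if err := os.MkdirAll(dir, 0700); err != nil {
		return errors.Wrapf(err, "failed to create directory %s", dir)
	}

	logrus.Debug("Mounting ", dir, target, " none bind")
	return unix.Mount(dir, target, "none", unix.MS_BIND, "")
}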