pmorjan
commented
3 years ago thanks @yoheiueda on my system the readonly.sh test fails:
$ ./test/integration/readonly.sh
rc_want=0 rc_given=0
test succeeded: readonly.sh : rootfs is not writable
rc_want=0 rc_given=0
test succeeded: readonly.sh : rootfs is read-only
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0363453 s, 2.9 GB/s
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 102400 1k blocks and 25688 inodes
Filesystem UUID: 014c00e6-c4d3-4dcf-ad1d-3ebc7361e765
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
6daf87a6bcad08f5e1facdbbb0caa3a48e8dabd8a39e25bba6c9fd3d2e6c1a0d
container is not running
rc_want=0 rc_given=1
test failed : readonly.sh : rootfs on block device is not writable
container is not running
rc_want=0 rc_given=1
test failed : readonly.sh : rootfs on block device is read-only
rc_exit=2
rc_exit=2the log of the failing container:
[init(1) 62cabb9] mkdir /rootfs/dev/shm: read-only file systemThat's strange because appart from that --read-only works fine.
yoheiueda
This patch adds the support of the --read-only option of docker run. All mount points on root filesystem needs to be created in proxy in advance.
This commit requires #11 to work correctly.
In Kubernetes, a pod is created with an initial
pausecontainer, and the CRI plugin of containerd creates apausecontainer with a read-only root filesystem.Signed-off-by: Yohei Ueda yohei@jp.ibm.com