kube: honor mount propagation mode

convert the propagation mode specified for the mount to the expected Linux mount option. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-08-06 11:32:07 +08:00 · 2022-02-23 12:56:10 +01:00
parent a0c34d64a5
commit eb9fe52a55
2 changed files with 56 additions and 2 deletions
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@ -319,7 +319,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			continue
 		}

-		dest, options, err := parseMountPath(volume.MountPath, volume.ReadOnly)
+		dest, options, err := parseMountPath(volume.MountPath, volume.ReadOnly, volume.MountPropagation)
 		if err != nil {
 			return nil, err
 		}
@ -385,7 +385,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 	return s, nil
 }

-func parseMountPath(mountPath string, readOnly bool) (string, []string, error) {
+func parseMountPath(mountPath string, readOnly bool, propagationMode *v1.MountPropagationMode) (string, []string, error) {
 	options := []string{}
 	splitVol := strings.Split(mountPath, ":")
 	if len(splitVol) > 2 {
@ -405,6 +405,18 @@ func parseMountPath(mountPath string, readOnly bool) (string, []string, error) {
 	if err != nil {
 		return "", opts, errors.Wrapf(err, "parsing MountOptions")
 	}
+	if propagationMode != nil {
+		switch *propagationMode {
+		case v1.MountPropagationNone:
+			opts = append(opts, "private")
+		case v1.MountPropagationHostToContainer:
+			opts = append(opts, "rslave")
+		case v1.MountPropagationBidirectional:
+			opts = append(opts, "rshared")
+		default:
+			return "", opts, errors.Errorf("unknown propagation mode %q", *propagationMode)
+		}
+	}
 	return dest, opts, nil
 }

--- a/pkg/specgen/generate/kube/kube_test.go
+++ b/pkg/specgen/generate/kube/kube_test.go
@ -0,0 +1,42 @@
+package kube
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/api/core/v1"
+	//"github.com/stretchr/testify/require"
+)
+
+func testPropagation(t *testing.T, propagation v1.MountPropagationMode, expected string) {
+	dest, options, err := parseMountPath("/to", false, &propagation)
+	assert.NoError(t, err)
+	assert.Equal(t, dest, "/to")
+	assert.Contains(t, options, expected)
+}
+
+func TestParseMountPathPropagation(t *testing.T) {
+	testPropagation(t, v1.MountPropagationNone, "private")
+	testPropagation(t, v1.MountPropagationHostToContainer, "rslave")
+	testPropagation(t, v1.MountPropagationBidirectional, "rshared")
+
+	prop := v1.MountPropagationMode("SpaceWave")
+	_, _, err := parseMountPath("/to", false, &prop)
+	assert.Error(t, err)
+
+	_, options, err := parseMountPath("/to", false, nil)
+	assert.NoError(t, err)
+	assert.NotContains(t, options, "private")
+	assert.NotContains(t, options, "rslave")
+	assert.NotContains(t, options, "rshared")
+}
+
+func TestParseMountPathRO(t *testing.T) {
+	_, options, err := parseMountPath("/to", true, nil)
+	assert.NoError(t, err)
+	assert.Contains(t, options, "ro")
+
+	_, options, err = parseMountPath("/to", false, nil)
+	assert.NoError(t, err)
+	assert.NotContains(t, options, "ro")
+}