Skip to content

Commit 2002832

Browse files
authored
Merge pull request moby#35829 from cpuguy83/no_private_mount_for_plugins
Perform plugin mounts in the runtime
2 parents 9f68f20 + 0df654f commit 2002832

20 files changed

Lines changed: 180 additions & 223 deletions

File tree

daemon/graphdriver/plugin.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ func newPluginDriver(name string, pl plugingetter.CompatPlugin, config Options)
2323
home := config.Root
2424
if !pl.IsV1() {
2525
if p, ok := pl.(*v2.Plugin); ok {
26-
if p.PropagatedMount != "" {
26+
if p.PluginObj.Config.PropagatedMount != "" {
2727
home = p.PluginObj.Config.PropagatedMount
2828
}
2929
}

daemon/graphdriver/proxy.go

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ import (
44
"errors"
55
"fmt"
66
"io"
7-
"path/filepath"
87

98
"github.com/docker/docker/pkg/archive"
109
"github.com/docker/docker/pkg/containerfs"
@@ -143,7 +142,7 @@ func (d *graphDriverProxy) Get(id, mountLabel string) (containerfs.ContainerFS,
143142
if ret.Err != "" {
144143
err = errors.New(ret.Err)
145144
}
146-
return containerfs.NewLocalContainerFS(filepath.Join(d.p.BasePath(), ret.Dir)), err
145+
return containerfs.NewLocalContainerFS(d.p.ScopedPath(ret.Dir)), err
147146
}
148147

149148
func (d *graphDriverProxy) Put(id string) error {

daemon/logger/adapter.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ package logger // import "github.com/docker/docker/daemon/logger"
33
import (
44
"io"
55
"os"
6-
"strings"
6+
"path/filepath"
77
"sync"
88
"time"
99

@@ -19,7 +19,6 @@ type pluginAdapter struct {
1919
driverName string
2020
id string
2121
plugin logPlugin
22-
basePath string
2322
fifoPath string
2423
capabilities Capability
2524
logInfo Info
@@ -58,7 +57,7 @@ func (a *pluginAdapter) Close() error {
5857
a.mu.Lock()
5958
defer a.mu.Unlock()
6059

61-
if err := a.plugin.StopLogging(strings.TrimPrefix(a.fifoPath, a.basePath)); err != nil {
60+
if err := a.plugin.StopLogging(filepath.Join("/", "run", "docker", "logging", a.id)); err != nil {
6261
return err
6362
}
6463

daemon/logger/plugin.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@ import (
55
"io"
66
"os"
77
"path/filepath"
8-
"strings"
98

109
"github.com/docker/docker/api/types/plugins/logdriver"
1110
getter "github.com/docker/docker/pkg/plugingetter"
@@ -39,18 +38,20 @@ func getPlugin(name string, mode int) (Creator, error) {
3938
}
4039

4140
d := &logPluginProxy{p.Client()}
42-
return makePluginCreator(name, d, p.BasePath()), nil
41+
return makePluginCreator(name, d, p.ScopedPath), nil
4342
}
4443

45-
func makePluginCreator(name string, l *logPluginProxy, basePath string) Creator {
44+
func makePluginCreator(name string, l *logPluginProxy, scopePath func(s string) string) Creator {
4645
return func(logCtx Info) (logger Logger, err error) {
4746
defer func() {
4847
if err != nil {
4948
pluginGetter.Get(name, extName, getter.Release)
5049
}
5150
}()
52-
root := filepath.Join(basePath, "run", "docker", "logging")
53-
if err := os.MkdirAll(root, 0700); err != nil {
51+
52+
unscopedPath := filepath.Join("/", "run", "docker", "logging")
53+
logRoot := scopePath(unscopedPath)
54+
if err := os.MkdirAll(logRoot, 0700); err != nil {
5455
return nil, err
5556
}
5657

@@ -59,8 +60,7 @@ func makePluginCreator(name string, l *logPluginProxy, basePath string) Creator
5960
driverName: name,
6061
id: id,
6162
plugin: l,
62-
basePath: basePath,
63-
fifoPath: filepath.Join(root, id),
63+
fifoPath: filepath.Join(logRoot, id),
6464
logInfo: logCtx,
6565
}
6666

@@ -77,7 +77,7 @@ func makePluginCreator(name string, l *logPluginProxy, basePath string) Creator
7777
a.stream = stream
7878
a.enc = logdriver.NewLogEntryEncoder(a.stream)
7979

80-
if err := l.StartLogging(strings.TrimPrefix(a.fifoPath, basePath), logCtx); err != nil {
80+
if err := l.StartLogging(filepath.Join(unscopedPath, id), logCtx); err != nil {
8181
return nil, errors.Wrapf(err, "error creating logger")
8282
}
8383

daemon/metrics.go

Lines changed: 0 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,8 @@
11
package daemon // import "github.com/docker/docker/daemon"
22

33
import (
4-
"path/filepath"
54
"sync"
65

7-
"github.com/docker/docker/pkg/mount"
86
"github.com/docker/docker/pkg/plugingetter"
97
metrics "github.com/docker/go-metrics"
108
"github.com/pkg/errors"
@@ -132,18 +130,6 @@ func (d *Daemon) cleanupMetricsPlugins() {
132130
}
133131
}
134132

135-
type metricsPlugin struct {
136-
plugingetter.CompatPlugin
137-
}
138-
139-
func (p metricsPlugin) sock() string {
140-
return "metrics.sock"
141-
}
142-
143-
func (p metricsPlugin) sockBase() string {
144-
return filepath.Join(p.BasePath(), "run", "docker")
145-
}
146-
147133
func pluginStartMetricsCollection(p plugingetter.CompatPlugin) error {
148134
type metricsPluginResponse struct {
149135
Err string
@@ -162,12 +148,4 @@ func pluginStopMetricsCollection(p plugingetter.CompatPlugin) {
162148
if err := p.Client().Call(metricsPluginType+".StopMetrics", nil, nil); err != nil {
163149
logrus.WithError(err).WithField("name", p.Name()).Error("error stopping metrics collector")
164150
}
165-
166-
mp := metricsPlugin{p}
167-
sockPath := filepath.Join(mp.sockBase(), mp.sock())
168-
if err := mount.Unmount(sockPath); err != nil {
169-
if mounted, _ := mount.Mounted(sockPath); mounted {
170-
logrus.WithError(err).WithField("name", p.Name()).WithField("socket", sockPath).Error("error unmounting metrics socket for plugin")
171-
}
172-
}
173151
}

daemon/metrics_unix.go

Lines changed: 11 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,13 @@ package daemon // import "github.com/docker/docker/daemon"
55
import (
66
"net"
77
"net/http"
8-
"os"
98
"path/filepath"
109

11-
"github.com/docker/docker/pkg/mount"
1210
"github.com/docker/docker/pkg/plugingetter"
1311
"github.com/docker/docker/pkg/plugins"
12+
"github.com/docker/docker/plugin"
1413
metrics "github.com/docker/go-metrics"
14+
specs "github.com/opencontainers/runtime-spec/specs-go"
1515
"github.com/pkg/errors"
1616
"github.com/sirupsen/logrus"
1717
"golang.org/x/sys/unix"
@@ -34,52 +34,22 @@ func (daemon *Daemon) listenMetricsSock() (string, error) {
3434
return path, nil
3535
}
3636

37-
func registerMetricsPluginCallback(getter plugingetter.PluginGetter, sockPath string) {
38-
getter.Handle(metricsPluginType, func(name string, client *plugins.Client) {
37+
func registerMetricsPluginCallback(store *plugin.Store, sockPath string) {
38+
store.RegisterRuntimeOpt(metricsPluginType, func(s *specs.Spec) {
39+
f := plugin.WithSpecMounts([]specs.Mount{
40+
{Type: "bind", Source: sockPath, Destination: "/run/docker/metrics.sock", Options: []string{"bind", "ro"}},
41+
})
42+
f(s)
43+
})
44+
store.Handle(metricsPluginType, func(name string, client *plugins.Client) {
3945
// Use lookup since nothing in the system can really reference it, no need
4046
// to protect against removal
41-
p, err := getter.Get(name, metricsPluginType, plugingetter.Lookup)
47+
p, err := store.Get(name, metricsPluginType, plugingetter.Lookup)
4248
if err != nil {
4349
return
4450
}
4551

46-
mp := metricsPlugin{p}
47-
sockBase := mp.sockBase()
48-
if err := os.MkdirAll(sockBase, 0755); err != nil {
49-
logrus.WithError(err).WithField("name", name).WithField("path", sockBase).Error("error creating metrics plugin base path")
50-
return
51-
}
52-
53-
defer func() {
54-
if err != nil {
55-
os.RemoveAll(sockBase)
56-
}
57-
}()
58-
59-
pluginSockPath := filepath.Join(sockBase, mp.sock())
60-
_, err = os.Stat(pluginSockPath)
61-
if err == nil {
62-
mount.Unmount(pluginSockPath)
63-
} else {
64-
logrus.WithField("path", pluginSockPath).Debugf("creating plugin socket")
65-
f, err := os.OpenFile(pluginSockPath, os.O_CREATE, 0600)
66-
if err != nil {
67-
return
68-
}
69-
f.Close()
70-
}
71-
72-
if err := mount.Mount(sockPath, pluginSockPath, "none", "bind,ro"); err != nil {
73-
logrus.WithError(err).WithField("name", name).Error("could not mount metrics socket to plugin")
74-
return
75-
}
76-
7752
if err := pluginStartMetricsCollection(p); err != nil {
78-
if err := mount.Unmount(pluginSockPath); err != nil {
79-
if mounted, _ := mount.Mounted(pluginSockPath); mounted {
80-
logrus.WithError(err).WithField("sock_path", pluginSockPath).Error("error unmounting metrics socket from plugin during cleanup")
81-
}
82-
}
8353
logrus.WithError(err).WithField("name", name).Error("error while initializing metrics plugin")
8454
}
8555
})

integration-cli/docker_cli_daemon_plugins_test.go

Lines changed: 2 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,6 @@
33
package main
44

55
import (
6-
"os"
7-
"path/filepath"
86
"strings"
97

108
"github.com/docker/docker/integration-cli/checker"
@@ -199,12 +197,6 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
199197
if err != nil {
200198
c.Fatalf("Could not install plugin: %v %s", err, out)
201199
}
202-
pluginID, err := s.d.Cmd("plugin", "inspect", "-f", "{{.Id}}", pName)
203-
pluginID = strings.TrimSpace(pluginID)
204-
if err != nil {
205-
c.Fatalf("Could not retrieve plugin ID: %v %s", err, pluginID)
206-
}
207-
mountpointPrefix := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs")
208200
defer func() {
209201
if out, err := s.d.Cmd("plugin", "disable", pName); err != nil {
210202
c.Fatalf("Could not disable plugin: %v %s", err, out)
@@ -213,11 +205,6 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
213205
if out, err := s.d.Cmd("plugin", "remove", pName); err != nil {
214206
c.Fatalf("Could not remove plugin: %v %s", err, out)
215207
}
216-
217-
exists, err := existsMountpointWithPrefix(mountpointPrefix)
218-
c.Assert(err, checker.IsNil)
219-
c.Assert(exists, checker.Equals, false)
220-
221208
}()
222209

223210
out, err = s.d.Cmd("volume", "create", "-d", pName, volName)
@@ -237,21 +224,11 @@ func (s *DockerDaemonSuite) TestVolumePlugin(c *check.C) {
237224
c.Assert(out, checker.Contains, volName)
238225
c.Assert(out, checker.Contains, pName)
239226

240-
mountPoint, err := s.d.Cmd("volume", "inspect", volName, "--format", "{{.Mountpoint}}")
241-
if err != nil {
242-
c.Fatalf("Could not inspect volume: %v %s", err, mountPoint)
243-
}
244-
mountPoint = strings.TrimSpace(mountPoint)
245-
246227
out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "touch", destDir+destFile)
247228
c.Assert(err, checker.IsNil, check.Commentf(out))
248-
path := filepath.Join(s.d.RootDir(), "plugins", pluginID, "rootfs", mountPoint, destFile)
249-
_, err = os.Lstat(path)
250-
c.Assert(err, checker.IsNil)
251229

252-
exists, err := existsMountpointWithPrefix(mountpointPrefix)
253-
c.Assert(err, checker.IsNil)
254-
c.Assert(exists, checker.Equals, true)
230+
out, err = s.d.Cmd("run", "--rm", "-v", volName+":"+destDir, "busybox", "ls", destDir+destFile)
231+
c.Assert(err, checker.IsNil, check.Commentf(out))
255232
}
256233

257234
func (s *DockerDaemonSuite) TestGraphdriverPlugin(c *check.C) {

pkg/plugingetter/getter.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ const (
1717
type CompatPlugin interface {
1818
Client() *plugins.Client
1919
Name() string
20-
BasePath() string
20+
ScopedPath(string) string
2121
IsV1() bool
2222
}
2323

pkg/plugins/plugins_unix.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@
22

33
package plugins // import "github.com/docker/docker/pkg/plugins"
44

5-
// BasePath returns the path to which all paths returned by the plugin are relative to.
6-
// For v1 plugins, this always returns the host's root directory.
7-
func (p *Plugin) BasePath() string {
8-
return "/"
5+
// ScopedPath returns the path scoped to the plugin's rootfs.
6+
// For v1 plugins, this always returns the path unchanged as v1 plugins run directly on the host.
7+
func (p *Plugin) ScopedPath(s string) string {
8+
return s
99
}

pkg/plugins/plugins_windows.go

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,7 @@
11
package plugins // import "github.com/docker/docker/pkg/plugins"
22

3-
// BasePath returns the path to which all paths returned by the plugin are relative to.
4-
// For Windows v1 plugins, this returns an empty string, since the plugin is already aware
5-
// of the absolute path of the mount.
6-
func (p *Plugin) BasePath() string {
7-
return ""
3+
// ScopedPath returns the path scoped to the plugin's rootfs.
4+
// For v1 plugins, this always returns the path unchanged as v1 plugins run directly on the host.
5+
func (p *Plugin) ScopedPath(s string) string {
6+
return s
87
}

0 commit comments

Comments
 (0)