Skip to content

Commit

Permalink
Merge pull request #4037 from vigh-m/modprobe-mount
Browse files Browse the repository at this point in the history
Mount static kmod as /usr/local/sbin/modprobe
  • Loading branch information
vigh-m authored Jun 6, 2024
2 parents 73fb2af + ec021fd commit 892e31f
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 0 deletions.
9 changes: 9 additions & 0 deletions packages/containerd/containerd-cri-base-json
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,15 @@ oci-defaults = { version = "v1", helpers = ["oci_defaults"] }
"mode=755",
"size=65536k"
]
},
{
"destination": "/usr/local/sbin/modprobe",
"source": "/usr/bin/kmod",
"options": [
"exec",
"bind",
"ro"
]
}
],
"linux": {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
From e35f5eeeaa4c7b9ec1ae0720fc7de0fc4d43e02f Mon Sep 17 00:00:00 2001
From: Arnaldo Garcia Rincon <[email protected]>
Date: Thu, 30 May 2024 14:38:33 +0000
Subject: [PATCH] oci: inject kmod in all containers

Append a new mount to the default spec created for Linux containers

Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
Signed-off-by: Vighnesh Maheshwari <[email protected]>
---
oci/defaults.go | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/oci/defaults.go b/oci/defaults.go
index c3dae8b..2e90cfa 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -100,6 +100,12 @@ func DefaultLinuxSpec() specs.Spec {
Source: "shm",
Options: []string{"nosuid", "noexec", "nodev", "mode=1777"},
},
+ {
+ Destination: "/usr/local/sbin/modprobe",
+ Type: "bind",
+ Source: "/usr/bin/kmod",
+ Options: []string{"exec", "bind", "ro"},
+ },
},
Linux: &specs.Linux{
MaskedPaths: []string{
--
2.44.0
1 change: 1 addition & 0 deletions packages/docker-engine/docker-engine.spec
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ Source100: prepare-var-lib-docker.service
Source1000: clarify.toml

Patch0001: 0001-Change-default-capabilities-using-daemon-config.patch
Patch0002: 0002-oci-inject-kmod-in-all-containers.patch

BuildRequires: git
BuildRequires: %{_cross_os}glibc-devel
Expand Down
6 changes: 6 additions & 0 deletions sources/host-ctr/cmd/host-ctr/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -896,6 +896,12 @@ func withPrivilegedMounts() oci.SpecOpts {
Source: "/mnt",
Type: "bind",
},
{
Options: []string{"bind", "ro", "exec"},
Destination: "/usr/local/sbin/modprobe",
Source: "/usr/bin/kmod",
Type: "bind",
},
})
}

Expand Down

0 comments on commit 892e31f

Please sign in to comment.