Add support for filesystem binds

Since enabling every filesystem operation would be extensive, just
enable filesystem binds for now.  The default is RW and bind, but it
use mount -o option.

Signed-off-by: Brian Woods <[email protected]>
Reviewed-by: Stefano Stabellini <[email protected]>
Signed-off-by: Stefano Stabellini <[email protected]>

Author: Brian Woods

README.md

@@ -114,3 +114,35 @@ An example cni file is:
     }
 }
 ```
+
+
+
+Container Filesystem Binds
+--------------------------
+
+Currently runX only supports filesystem binds.  The defaults are bind and RW.
+You can also pass any -o arguement mount uses.  Now you use them in containerd
+like:
+
+```
+ctr ...  --mount type=bind,src=/tmp,dst=/host,options=bind:rw ...
+```
+
+which is the same as:
+
+```
+ctr ...  --mount type=bind,src=/tmp,dst=/host ...
+```
+
+Or to have it RO and disable execution:
+
+```
+ctr ...  --mount type=bind,src=/tmp,dst=/host,options=ro:noexec ...
+```
+
+Likewise to just use rbind rather than bind:
+
+
+```
+ctr ...  --mount type=bind,src=/tmp,dst=/host,options=rbind ...
+```

build.sh

@@ -18,7 +18,7 @@ set -o pipefail
 # Path to statically built busybox binary i.e.
 # busybox=/usr/bin/busybox-static-aarch64
 
-execs="start delete state serial_start create pause"
+execs="start delete state serial_start create pause mount"
 
 # Clean the repo, but save the vendor area
 if [ "x${1:-}" != "x" ] && [ "clean" == "$1" ]; then

files/mount

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+workpath=/usr/share/runX
+MNT_MAX_IT=30
+OPT_MAX_IT=15
+UMNT_MAX_IT=5
+
+containerid="$1"
+crundir="$2"
+op="$3"
+bundle=$( cat "$crundir"/bundle )
+configfile="$bundle"/config.json
+mountpoint=$( cat "$crundir"/rootfs )
+
+for (( i=0 ; i < MNT_MAX_IT ; i++ ))
+do
+    jq_type=$( jq -r  .[\"mounts\"][$i][\"type\"] "$configfile" )
+
+    if test "$jq_type" = "null"
+    then
+        break
+    fi
+
+    if test "$jq_type" = "bind"
+    then
+        jq_des=$( jq -r  .[\"mounts\"][$i][\"destination\"] "$configfile" )
+        jq_src=$( jq -r  .[\"mounts\"][$i][\"source\"] "$configfile" )
+
+        if test "$op" = "mount"
+        then
+            jq_rw="rw"
+            jq_bind="bind"
+            jq_cmd=""
+            for (( j=0 ; j < OPT_MAX_IT ; j++ ))
+            do
+                jq_opt=$( jq -r  .[\"mounts\"][$i][\"options\"][$j] "$configfile" )
+
+                case "$jq_opt" in
+                "null")
+                    break
+                    ;;
+                "bind")
+                    ;&
+                "rbind")
+                    jq_bind="$jq_opt"
+                    ;;
+                "rw")
+                    ;&
+                "ro")
+                    jq_rw="$jq_opt"
+                    ;;
+                *)
+                    jq_cmd+="$jq_opt,"
+                    ;;
+                esac
+            done
+
+            mkdir -p "$mountpoint$jq_des"
+            mount -o "$jq_cmd$jq_bind" "$jq_src"  "$mountpoint$jq_des"
+            if test "$jq_rw" = "ro"
+            then
+                mount -o "$jq_cmd$jq_bind,remount,ro" "$mountpoint$jq_des"
+            fi
+        else
+            for (( j=0 ; j < UMNT_MAX_IT ; j++ ))
+            do
+                umount "$mountpoint$jq_des"
+                if test "$?" = "0"
+                then
+                    break
+                else
+                    sleep 1
+                fi
+            done
+        fi
+    fi
+done

runX

@@ -116,8 +116,10 @@ then
 elif test $cmd = "kill"
 then
     $workpath/delete $containerid
+    $workpath/mount $containerid "$crundir" unmount
 elif test $cmd = "create"
 then
+    $workpath/mount $containerid "$crundir" mount
     $workpath/create $containerid "$crundir"
 
     if test "$guestconsole"