mirror of https://github.com/containers/buildah.git synced 2026-02-05 09:45:38 +01:00

internal/volume.GetBindMount(): discard writes in bind mounts

When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai
2024-11-06 17:22:49 -05:00
parent 0f5c6fc504
commit 25a3b385af
10 changed files with 329 additions and 148 deletions

@@ -118,7 +118,7 @@ BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci`
Attach a filesystem mount to the container
Current supported mount TYPES are bind, cache, secret and tmpfs.
Current supported mount TYPES are bind, cache, secret and tmpfs. Writes to `bind` and `tmpfs` mounts are discarded after the command finishes, while changes to `cache` mounts persist across uses.
e.g.
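
Review bot: the new sentence on the mount TYPES line covers `bind`, `tmpfs` and `cache` but leaves out `secret`, although it is one of the four supported types named in the sentence right before it. Say whether a `secret` mount can be written to and whether anything persists, so the list is complete. It would also help to note that for `bind` the discarding only comes into play when the mount is requested read-write, since the `ro` entry further down gives `type=bind` a default of true.
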
@@ -130,11 +130,11 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
Common Options:
· src, source: mount source spec for bind and volume. Mandatory for bind. If `from` is specified, `src` is the subpath in the `from` field.
· src, source: mount source spec for bind and cache. Mandatory for bind. If `from` is specified, `src` is the subpath in the `from` field.
· dst, destination, target: mount destination spec.
· dst, destination, target: location where the command being run should see the content being mounted.
· ro, read-only: true or false (default).
· ro, read-only: (default true for `type=bind`, false for `type=tmpfs`, `type=cache`).
Options specific to bind:
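
Review bot: the reworded `ro, read-only` entry no longer states the accepted values; the earlier text said "true or false" and the new text gives only the defaults in parentheses. Suggest "true or false (default true for `type=bind`, false for `type=tmpfs`, `type=cache`)". Since the entry now documents read-only as the default for bind mounts, one more clause saying that a bind mount made writable still has its writes discarded would keep readers from treating a writable bind mount as a way to modify the source.
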
@@ -142,7 +142,7 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
. bind-nonrecursive: do not setup a recursive bind mount. By default it is recursive.
· from: stage or image name for the root of the source. Defaults to the build context.
· from: image name for the root of the source. Defaults to **--contextdir**, mandatory if **--contextdir** was not specified.
· z: Set shared SELinux label on mounted destination. Use if SELinux is enabled on host machine.
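
Review bot: in the `from` entry for bind, "stage or image name" became "image name", while the `from` entry under the cache options further down still says "stage name". If a stage name is no longer accepted for bind mounts, that is a behaviour change that deserves a mention in the commit message; if it is still accepted, keep "stage or image name". The phrase "mandatory if **--contextdir** was not specified" also reads oddly directly after "Defaults to"; consider making it its own sentence.
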
@@ -162,7 +162,7 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
Options specific to cache:
· id: Create a separate cache directory for a particular id.
· id: Distinguish this cache from other caches using this ID rather than the target mount path.
· mode: File mode for new cache directory in octal. Default 0755.
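
Review bot: the new `id` text implies that a cache is keyed on the target mount path when no `id` is given, but it does not say so directly. If that is the behaviour, state it as the default in its own sentence. Given that changes to `cache` mounts persist across uses, it is also worth noting here that two commands using the same `id` see each other's writes.
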
@@ -174,6 +174,8 @@ Current supported mount TYPES are bind, cache, secret and tmpfs.
· from: stage name for the root of the source. Defaults to host cache directory.
· sharing: Whether other users of this cache need to wait for this command to complete (`sharing=locked`) or not (`sharing=shared`, which is the default).
· z: Set shared SELinux label on mounted destination. Enabled by default if SELinux is enabled on the host machine.
· Z: Set private SELinux label on mounted destination. Use if SELinux is enabled on host machine.
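
Review bot: the `z` entry for cache says "Enabled by default if SELinux is enabled on the host machine", while `Z` just below it and the bind `z` entry earlier say "Use if SELinux is enabled on host machine". Spell out how the default shared label interacts with an explicit `Z`, and align "the host machine" and "host machine" across the three entries. In the `sharing` entry, consider naming the default value first, since the current ordering makes `sharing=locked` read as the primary mode.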