[RFC PATCH v1] image-container-extension: exclude proc sys dev

[RFC PATCH v1] image-container-extension: exclude proc sys dev

[martin.banov.dev]

From: mabo <mabo@universal-robots.com>

The patch prevents 'cp' from copying the kernel filesystems
into the docker container.
We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.

Signed-off-by: mabo <mabo@universal-robots.com>
Signed-off-by: Daniel Machon <dama@universal-robots.com>
---
 meta/classes/image-container-extension.bbclass | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
index cdec463..f4e8d41 100644
--- a/meta/classes/image-container-extension.bbclass
+++ b/meta/classes/image-container-extension.bbclass
@@ -29,9 +29,8 @@ containerize_rootfs() {
         "${oci_img_dir}_unpacked"
 
     # add root filesystem as the flesh of the skeleton
-    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
-    # clean-up temporary files
-    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
+    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
+    
 
     # pack container image
     bbdebug 1 "pack container image"
-- 
2.25.1

Re: [RFC PATCH v1] image-container-extension: exclude proc sys dev

[Henning Schild]

Am Mon,  4 Apr 2022 13:54:20 +0200
schrieb martin.banov.dev@gmail.com:

> From: mabo <mabo@universal-robots.com>
> 
> The patch prevents 'cp' from copying the kernel filesystems
> into the docker container.
> We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.

I would expect that to only run once that thing is ready to be
"shipped", so all those filesystems should not be mounted any longer.
But the whole mounting logic has been reworked and some of the
umounting might remain lazy ... So we can probably not rule out that
they might for whatever reason be mounted.
And it seems pretty clear that we only want "--one-file-system".

> Signed-off-by: mabo <mabo@universal-robots.com>
> Signed-off-by: Daniel Machon <dama@universal-robots.com>
> ---
>  meta/classes/image-container-extension.bbclass | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/image-container-extension.bbclass
> b/meta/classes/image-container-extension.bbclass index
> cdec463..f4e8d41 100644 ---
> a/meta/classes/image-container-extension.bbclass +++
> b/meta/classes/image-container-extension.bbclass @@ -29,9 +29,8 @@
> containerize_rootfs() { "${oci_img_dir}_unpacked"
>  
>      # add root filesystem as the flesh of the skeleton
> -    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> -    # clean-up temporary files
> -    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
> -delete
> +    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
> +    

LGTM.

Henning

>      # pack container image
>      bbdebug 1 "pack container image"

Re: [RFC PATCH v1] image-container-extension: exclude proc sys dev

[Henning Schild]

I would suggest to send that again, without the "RFC".

Am Mon,  4 Apr 2022 13:54:20 +0200
schrieb martin.banov.dev@gmail.com:

> From: mabo <mabo@universal-robots.com>

Might want to use your real name here, "Martin Banov" (taken from gmail
From).
But that is up to you, just wanted to point out a potential mistake,
might not be one after all.

> 
> The patch prevents 'cp' from copying the kernel filesystems
> into the docker container.
> We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.
> 
> Signed-off-by: mabo <mabo@universal-robots.com>

same here.

Henning

> Signed-off-by: Daniel Machon <dama@universal-robots.com>
> ---
>  meta/classes/image-container-extension.bbclass | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/image-container-extension.bbclass
> b/meta/classes/image-container-extension.bbclass index
> cdec463..f4e8d41 100644 ---
> a/meta/classes/image-container-extension.bbclass +++
> b/meta/classes/image-container-extension.bbclass @@ -29,9 +29,8 @@
> containerize_rootfs() { "${oci_img_dir}_unpacked"
>  
>      # add root filesystem as the flesh of the skeleton
> -    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> -    # clean-up temporary files
> -    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
> -delete
> +    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
> +    
>  
>      # pack container image
>      bbdebug 1 "pack container image"

Re: [RFC PATCH v1] image-container-extension: exclude proc sys dev

[Baurzhan Ismagulov]

Thanks Martin for your submission,

On Mon, Apr 04, 2022 at 05:29:36PM +0200, Henning Schild wrote:
> > From: mabo <mabo@universal-robots.com>
> 
> Might want to use your real name here, "Martin Banov" (taken from gmail
> From).

I'd really second this, copyright issues are already complicated enough :) .

With kind regards,
Baurzhan.