Ensure that devices are under /dev #1147
Comments
c3d
added a commit
to c3d/runtime-spec
that referenced
this issue
May 3, 2022
Clarify that device nodes need not be under `/dev`, but that the runtime need to be informed of all the device nodes that are used by the container. Virtual-machine based runtimes such as Kata Containers need to be able to perform adjustment on device nodes, and cannot be required to deep-scan file-systems to do so. The proposed wording was chosen to avoid any regression for any workload mounding nodes elsewhere, while at the same time clarifying that correct behaviour cannot be guaranteed if a device node is created on the host and used by the container without being passed in the devices list. This fixes issue opencontainers#1147. Signed-off-by: Christophe de Dinechin <[email protected]>
c3d
added a commit
to c3d/runtime-spec
that referenced
this issue
May 3, 2022
Clarify that device nodes need not be under `/dev`, but that the runtimes need to be informed of all the device nodes that are used by the container. Virtual-machine based runtimes such as Kata Containers need to be able to perform adjustment on device nodes, and cannot be required to deep-scan file-systems to do so. The proposed wording was chosen to avoid any regression for any workload mounding nodes elsewhere, while at the same time clarifying that correct behaviour cannot be guaranteed if a device node is created on the host and used by the container without being passed in the devices list. This fixes issue opencontainers#1147. Signed-off-by: Christophe de Dinechin <[email protected]>
|
In my humble opinion, OTOH your scenario might be valid, too, so if you can either elaborate on it (does Kata containers need to explicitly find all device nodes in container filesystem? what for? is it currently only looking under /dev?), or just open a PR to modify/amend the existing wording in the spec, and we can discuss it further right there in the PR. |
c3d
added a commit
to c3d/runtime-spec
that referenced
this issue
May 5, 2022
Clarify that device nodes need not be under `/dev`, but that the runtimes need to be informed of all the device nodes that are used by the container. Virtual-machine based runtimes such as Kata Containers need to be able to perform adjustment on device nodes, and cannot be required to deep-scan file-systems to do so. The proposed wording was chosen to avoid any regression for any workload mounding nodes elsewhere, while at the same time clarifying that correct behaviour cannot be guaranteed if a device node is created on the host and used by the container without being passed in the devices list. This fixes issue opencontainers#1147. Signed-off-by: Christophe de Dinechin <[email protected]>
c3d
added a commit
to c3d/runtime-spec
that referenced
this issue
Aug 10, 2022
Clarify that device nodes need not be under `/dev`, but that the runtimes need to be informed of all the device nodes that are used by the container. Virtual-machine based runtimes such as Kata Containers need to be able to perform adjustment on device nodes, and cannot be required to deep-scan file-systems to do so. The proposed wording was chosen to avoid any regression for any workload mounding nodes elsewhere, while at the same time clarifying that correct behaviour cannot be guaranteed if a device node is created on the host and used by the container without being passed in the devices list. This fixes issue opencontainers#1147. Signed-off-by: Christophe de Dinechin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the Linux device specification, all the examples indicate devices created under
/dev. However, it is not specified if this is necessary or mandated.We recently ran across a test that specifically puts devices under
/mnt, and that makes me wonder if this is legitimate. This notably causes possible problems with VM-based runtimes such as Kata containers. Without specific precautions, they would be forced to scan volumes in search for device nodes, in order to make necessary adjustments.I believe that the wording should be improved to explicitly state that devices can be placed anywhere, but that they MUST be referenced from the devices array, and not left anywhere in the file systems. (This is an update, the old suggestion was: "can only be placed under
/devon Linux, and that having device nodes anywhere else has undefined behaviour", but I realized this could break existing usage).The text was updated successfully, but these errors were encountered: