Default mounts set for buildkit

containerd/oci_specs mounts /run, which is not
required by buildkit.

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>

executor/oci/mounts.go

@@ -0,0 +1,68 @@
+package oci
+
+import (
+	"context"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// MountOpts sets oci spec specific info for mount points
+type MountOpts func([]specs.Mount) []specs.Mount
+
+//GetMounts returns default required for buildkit
+// https://github.com/moby/buildkit/issues/429
+func GetMounts(ctx context.Context, mountOpts ...MountOpts) []specs.Mount {
+	mounts := []specs.Mount{
+		{
+			Destination: "/proc",
+			Type:        "proc",
+			Source:      "proc",
+		},
+		{
+			Destination: "/dev",
+			Type:        "tmpfs",
+			Source:      "tmpfs",
+			Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+		},
+		{
+			Destination: "/dev/pts",
+			Type:        "devpts",
+			Source:      "devpts",
+			Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+		},
+		{
+			Destination: "/dev/shm",
+			Type:        "tmpfs",
+			Source:      "shm",
+			Options:     []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
+		},
+		{
+			Destination: "/dev/mqueue",
+			Type:        "mqueue",
+			Source:      "mqueue",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/sys",
+			Type:        "sysfs",
+			Source:      "sysfs",
+			Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+		},
+	}
+	for _, o := range mountOpts {
+		mounts = o(mounts)
+	}
+	return mounts
+}
+
+func withROBind(src, dest string) func(m []specs.Mount) []specs.Mount {
+	return func(m []specs.Mount) []specs.Mount {
+		m = append(m, specs.Mount{
+			Destination: dest,
+			Type:        "bind",
+			Source:      src,
+			Options:     []string{"rbind", "ro"},
+		})
+		return m
+	}
+}

executor/oci/spec_unix.go

@@ -32,8 +32,6 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
 
 	opts = append(opts,
 		oci.WithHostNamespace(specs.NetworkNamespace),
-		withROBind(resolvConf, "/etc/resolv.conf"),
-		withROBind(hostsFile, "/etc/hosts"),
 	)
 
 	// Note that containerd.GenerateSpec is namespaced so as to make
@@ -45,6 +43,11 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
 	s.Process.Args = meta.Args
 	s.Process.Env = meta.Env
 	s.Process.Cwd = meta.Cwd
+
+	s.Mounts = GetMounts(ctx,
+		withROBind(resolvConf, "/etc/resolv.conf"),
+		withROBind(hostsFile, "/etc/hosts"),
+	)
 	// TODO: User
 
 	sm := &submounts{}
@@ -90,18 +93,6 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou
 	return s, releaseAll, nil
 }
 
-func withROBind(src, dest string) func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
-	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
-		s.Mounts = append(s.Mounts, specs.Mount{
-			Destination: dest,
-			Type:        "bind",
-			Source:      src,
-			Options:     []string{"rbind", "ro"},
-		})
-		return nil
-	}
-}
-
 type mountRef struct {
 	mount   mount.Mount
 	unmount func() error

worker/runc/runc_test.go

@@ -98,12 +98,11 @@ func TestRuncWorker(t *testing.T) {
 	}
 
 	meta := executor.Meta{
-		Args: []string{"/bin/sh", "-c", "echo \"foo\" > /bar"},
+		Args: []string{"/bin/sh", "-c", "mkdir /run && echo \"foo\" > /run/bar"},
 		Cwd:  "/",
 	}
 
 	stderr := bytes.NewBuffer(nil)
-
 	err = w.Executor.Exec(ctx, meta, snap, nil, nil, nil, &nopCloser{stderr})
 	require.Error(t, err) // Read-only root
 	// typical error is like `mkdir /.../rootfs/proc: read-only file system`.
@@ -116,6 +115,14 @@ func TestRuncWorker(t *testing.T) {
 	err = w.Executor.Exec(ctx, meta, root, nil, nil, nil, nil)
 	require.NoError(t, err)
 
+	meta = executor.Meta{
+		Args: []string{"/bin/ls", "/etc/resolv.conf"},
+		Cwd:  "/",
+	}
+
+	err = w.Executor.Exec(ctx, meta, root, nil, nil, nil, &nopCloser{stderr})
+	require.NoError(t, err)
+
 	rf, err := root.Commit(ctx)
 	require.NoError(t, err)
 
@@ -127,7 +134,9 @@ func TestRuncWorker(t *testing.T) {
 	target, err = lm.Mount()
 	require.NoError(t, err)
 
-	dt, err := ioutil.ReadFile(filepath.Join(target, "bar"))
+	//Verifies fix for issue https://github.com/moby/buildkit/issues/429
+	dt, err := ioutil.ReadFile(filepath.Join(target, "run", "bar"))
+
 	require.NoError(t, err)
 	require.Equal(t, string(dt), "foo\n")