In OpenShift Container Platform 3.11 we are using Docker container technology. And Docker adds this symbolic link for `/etc/mtab` to all containers every time if the Dockerfile doesn't contain the entry for the symlink.

https://github.com/moby/moby/blob/b3e9f7b13b0f0c414fa6253e1f17a86b2cff68b5/daemon/initlayer/setup_unix.go#L20

~~~
// Setup populates a directory with mountpoints suitable
// for bind-mounting things into the container.
//
// This extra layer is used by all containers as the top-most ro layer. It protects
// the container from unwanted side-effects on the rw layer.
func Setup(initLayerFs containerfs.ContainerFS, rootIdentity idtools.Identity) error {
	// Since all paths are local to the container, we can just extract initLayerFs.Path()
	initLayer := initLayerFs.Path()

	for pth, typ := range map[string]string{
		"/dev/pts":         "dir",
		"/dev/shm":         "dir",
		"/proc":            "dir",
		"/sys":             "dir",
		"/.dockerenv":      "file",
		"/etc/resolv.conf": "file",
		"/etc/hosts":       "file",
		"/etc/hostname":    "file",
		"/dev/console":     "file",
		"/etc/mtab":        "/proc/mounts",
	}
~~~

CRI-O doesn't seem to do it.

Upstream Issue: https://github.com/cri-o/cri-o/issues/2036
https://github.com/cri-o/cri-o/issues/2036#issuecomment-488674544
No update this sprint
Did not get completed this sprint.
Hi, can you estimate when a fix for this problem will be available, and will it be backported to all supported versions? We ran into this problem and we are currently running OCP 4.7.12 and want to stay at 4.7.x until EOL.

Best regards
Qi, any ETA on the fix?
I will start working on this issue, so the ETA will be 4.9.
Status set to MODIFIED, https://github.com/cri-o/cri-o/pull/5051 just merged.
Verified with version: 4.9.0-0.nightly-2021-08-25-010624

Create a pod using image httpd:latest, and run command in this container:

~~~
# ls -l /etc/mtab
lrwxrwxrwx. 1 root root 12 Aug 25 08:09 /etc/mtab -> /proc/mounts
# ls -l /proc/mounts
lrwxrwxrwx. 1 root root 11 Aug 25 08:10 /proc/mounts -> self/mounts
~~~
Qi -- Can you take a look at my proposed release note for this BZ? I saw your doc text and made a few changes to match our style. I want to make sure I didn't change the meaning. Thank you in advance.

Michael

* Previously, in containers, CRI-O did not create a symlink from `/proc/mounts` file to the `/etc/mtab` file. As a consequence, the mount functions within the container did not work. CRI-O now adds the symlink. As a result, users the mount functions are working as expected within containers.
(In reply to Michael Burke from comment #15)
> Qi -- Can you take a look at my proposed release note for this BZ? I saw
> your doc text and made a few changes to match our style. I want to make sure
> I didn't change the meaning. Thank you in advance.
>
> Michael
>
> * Previously, in containers, CRI-O did not create a symlink from
> `/proc/mounts` file to the `/etc/mtab` file. As a consequence, the mount
> functions within the container did not work. CRI-O now adds the symlink. As
> a result, users the mount functions are working as expected within
> containers.

"the mount functions within the container did not work": this is not correct. The mount functions have no issues. The consequence is to allow users to check the list of the mounted devices in the /etc/mtab file.
Qi -- Thank you for the clarification!

Michael
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759