fn: fixup temp dir read/write permissions if tmp fs size is not set. (#1024)

When TmpFsSize is not set in a route, docker fails to create a /tmp mount that is writable. Forcing docker to explicitly to this if read-only root directory is enabled (default).
2022-10-28 21:29:17 +03:00 · 2018-06-01 09:25:51 -07:00
parent 316940285d
commit f97b63f878
2 changed files with 107 additions and 8 deletions
--- a/api/agent/drivers/docker/docker.go
+++ b/api/agent/drivers/docker/docker.go
@@ -219,7 +219,7 @@ func (drv *DockerDriver) configureFs(log logrus.FieldLogger, container *docker.C
 }

 func (drv *DockerDriver) configureTmpFs(log logrus.FieldLogger, container *docker.CreateContainerOptions, task drivers.ContainerTask) {
-	if task.TmpFsSize() == 0 {
+	if task.TmpFsSize() == 0 && !drv.conf.EnableReadOnlyRootFs {
 		return
 	}

@@ -228,10 +228,12 @@ func (drv *DockerDriver) configureTmpFs(log logrus.FieldLogger, container *docke
 	}

 	var tmpFsOption string
-	if drv.conf.MaxTmpFsInodes != 0 {
-		tmpFsOption = fmt.Sprintf("size=%dm,nr_inodes=%d", task.TmpFsSize(), drv.conf.MaxTmpFsInodes)
-	} else {
-		tmpFsOption = fmt.Sprintf("size=%dm", task.TmpFsSize())
+	if task.TmpFsSize() != 0 {
+		if drv.conf.MaxTmpFsInodes != 0 {
+			tmpFsOption = fmt.Sprintf("size=%dm,nr_inodes=%d", task.TmpFsSize(), drv.conf.MaxTmpFsInodes)
+		} else {
+			tmpFsOption = fmt.Sprintf("size=%dm", task.TmpFsSize())
+		}
 	}
 	target := "/tmp"