Use OPEN_TREE_NAMESPACE #2086

Description

@EmilyShepherd

Linux recently added the OPEN_TREE_NAMESPACE option to the open_tree() syscall which does two things:

  • Combines unshare(CLONE_NEWNS) and pivot_root() into a single syscall rather than two
  • Only clones submounts within the specified newrootfs, reducing the need to recursively umount the oldrootfs during container setup.

The benefit of the first point is unclear for crun, as it looks like its unshare and pivot root logic sits in separate areas; however, the second point could potentially reduce the amount of setup crun needs to do, as well as taking the load off the kernel in needlessly copying lots of mounts that are destined to be umounted immediately.

afaik OPEN_TREE_NAMESPACE is only in Linux 7.0 so it is quite early to support.
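To put a number on the second point in the issue, the following added example (not crun code and not part of the original issue) parses a mount table in `/proc/self/mountinfo` format and counts how many mounts sit inside a chosen new rootfs versus outside it; the outside set is what `unshare(CLONE_NEWNS)` copies and container setup then has to unmount. The sample table, the `/run/ctr/rootfs` path and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mountinfo format (not from a real host). */
static const char SAMPLE[] =
    "22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "23 22 0:21 / /proc rw,nosuid - proc proc rw\n"
    "24 22 0:22 / /sys rw,nosuid - sysfs sysfs rw\n"
    "25 22 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw\n"
    "26 22 0:40 / /run/ctr/rootfs rw - overlay overlay rw\n"
    "27 26 0:41 / /run/ctr/rootfs/proc rw - proc proc rw\n"
    "28 22 0:42 / /run/ctr/rootfs2 rw - overlay overlay rw\n";

/* True when path is root itself or lies below it on a path-component boundary. */
static int under(const char *path, const char *root)
{
    size_t n = strlen(root);
    if (n == 1 && root[0] == '/')
        return 1;
    return strncmp(path, root, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Count mount points inside and outside newroot; returns lines parsed.
 * Simplification: octal escapes such as \040 in paths are not decoded. */
int split_mounts(const char *info, const char *newroot, int *inside, int *outside)
{
    char mnt[4096];
    int lines = 0;
    *inside = *outside = 0;
    while (*info) {
        /* Field 5 of each mountinfo line is the mount point. */
        if (sscanf(info, "%*d %*d %*s %*s %4095s", mnt) == 1) {
            lines++;
            if (under(mnt, newroot)) (*inside)++; else (*outside)++;
        }
        const char *nl = strchr(info, '\n');
        if (!nl) break;
        info = nl + 1;
    }
    return lines;
}

int main(void)
{
    int in, out;
    split_mounts(SAMPLE, "/run/ctr/rootfs", &in, &out);
    printf("inside newroot: %d, outside (copied, then unmounted): %d\n", in, out);
    return 0;
}
```

On a real host, pass the contents of `/proc/self/mountinfo` instead of `SAMPLE` to see the ratio for an actual container root.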
