podman: remove mask on /sys/dev/block
The masking of /sys/dev/block was added in 0334b6195820f7261f87a4f4e5d739a6d560f4b2 which constrained the previous /sys/dev masking.
The contents of this filesystem (at least on 5.15.7-200.fc35) are as follows, a bunch of symlinks:
$ ls -la /sys/dev/block
total 0
drwxr-xr-x. 2 root root 0 Dec 26 17:36 .
drwxr-xr-x. 4 root root 0 Dec 26 17:36 ..
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 252:0 -> ../../devices/virtual/block/zram0
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:0 -> ../../devices/virtual/block/dm-0
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:1 -> ../../devices/virtual/block/dm-1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:2 -> ../../devices/virtual/block/dm-2
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 253:3 -> ../../devices/virtual/block/dm-3
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:0 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:1 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p1
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:2 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p2
lrwxrwxrwx. 1 root root 0 Dec 29 19:03 259:3 -> ../../devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/nvme0n1p3
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:0 -> ../../devices/virtual/block/loop0
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:1 -> ../../devices/virtual/block/loop1
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:2 -> ../../devices/virtual/block/loop2
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:3 -> ../../devices/virtual/block/loop3
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:4 -> ../../devices/virtual/block/loop4
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:5 -> ../../devices/virtual/block/loop5
lrwxrwxrwx. 1 root root 0 Dec 26 17:37 7:6 -> ../../devices/virtual/block/loop6
The locations where these symlinks point to are still accessible in the container:
$ podman run --rm -ti bash
bash-5.1# uname -a
Linux ef43af629ac1 5.15.7-200.fc35.x86_64 #1 SMP Wed Dec 8 19:00:47 UTC 2021 x86_64 Linux
bash-5.1# ls -lad /sys/devices/pci0000\:00/0000\:00\:1d.4/0000\:07\:00.0/nvme/nvme0/nvme0n1/ /sys/devices/virtual/block/
drwxr-xr-x 12 nobody nobody 0 Jan 5 03:48 /sys/devices/pci0000:00/0000:00:1d.4/0000:07:00.0/nvme/nvme0/nvme0n1/
drwxr-xr-x 14 nobody nobody 0 Jan 5 03:39 /sys/devices/virtual/block/
The reason this information is useful is that MariaDB uses the major/minor device numbers and follows this path to find the physical size of the blocks used for O_DIRECT calls - https://github.com/MariaDB/server/blob/385842e15bbd51ad6cad9cf3bfb69d93d0c36921/storage/innobase/os/os0file.cc#L1319-L1325.
As a feature request:
- Don’t mask /sys/dev/block - it isn’t hiding anything and is useful
- Before you mask /sys/devices, please only block the ones that aren’t volume mounted within the container.
Another discussion found: https://bugzilla.redhat.com/show_bug.cgi?id=1884283
Note: the manual of podman-run doesn’t list this masking.
About this issue
- State: open
- Created 2 years ago
- Comments: 26 (12 by maintainers)
Commits related to this issue
- Relax /sys/dev/block restrictions for volumes and devices User space programs want to access information about the block devices they are operating on. E.g. the block size is an important aspect if d... — committed to grooverdan/podman by grooverdan 2 years ago
Just tell lint to never mind