Host-side container rootfs bring-up, run during the Linx.Process :ready
checkpoint. Builds the container's filesystem inside its mount namespace and
pivots into it, leaving the workload ready to execve.
Every step runs in the child's mount namespace via in: {:pid, host_pid}.
The sequence mirrors the proven Linx M2 bring-up:
- make / rec-private — sever mount propagation so nothing leaks back to the host (a child's mount ns is a shared peer of the host's).
- bind rootfs→rootfs, make it private — pivot_root requires the new root to be a private mount point.
- /proc — mounted pidns-aware (Linx forks into the container's PID namespace, so /proc shows the container's pids).
- /dev — a fresh tmpfs with the standard device nodes bind-mounted from the host (mknod is barred in containers; binds are the way).
- /sys — recursive bind of the host's sysfs.
- pivot_root into rootfs, then detach the old root.
All mounts are set up under rootfs and come along with the pivot.
Functions
@spec setup(pos_integer(), Path.t(), [{Path.t(), Path.t()}]) :: :ok | {:error, term()}
Bring up rootfs for the container parked at host_pid. On success the
child's mount namespace has rootfs as /, with /proc, /dev, and /sys
populated. Returns the first error encountered.
etc_files is a list of {host_path, in_rootfs_path} to bind into the rootfs
before the pivot — per-pod files (e.g. /etc/resolv.conf, /etc/hosts) that
must not mutate the shared, content-addressed image rootfs.
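
An added example, not part of Linx: a Python check over the child's /proc/<host_pid>/mountinfo that the bring-up above left every mount private, gave /proc, /dev and /sys the expected filesystem types, and made each etc_files target its own mount. The sample mountinfo text, the image and pod paths, and the function names are constructed for illustration.

```python
import re

# What the bring-up described above should leave behind, by mount point.
EXPECTED_FS = {"/proc": "proc", "/dev": "tmpfs", "/sys": "sysfs"}

def parse_mountinfo(text):
    """Return [(mount_point, fstype, optional_fields)] from mountinfo text."""
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        f = line.split()
        sep = f.index("-", 6)  # optional fields sit between index 6 and "-"
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), f[4])
        mounts.append((point, f[sep + 1], f[6:sep]))
    return mounts

def audit(text, etc_targets=()):
    """Return findings; an empty list means the namespace matches the bring-up."""
    mounts = parse_mountinfo(text)
    fstype = {point: fs for point, fs, _ in mounts}
    findings = [] if "/" in fstype else ["/: no root mount"]
    for point, _, optional in mounts:
        for tag in optional:
            if tag.startswith(("shared:", "master:")):  # propagation not severed
                findings.append(f"{point}: not private ({tag})")
    for point, want in EXPECTED_FS.items():
        if fstype.get(point) != want:
            findings.append(f"{point}: expected {want}, found {fstype.get(point)}")
    for target in etc_targets:  # in-rootfs paths from etc_files
        if target not in fstype:
            findings.append(f"{target}: not a separate mount")
    return findings

# Constructed samples in /proc/<pid>/mountinfo format (not captured from Linx).
GOOD = """\
481 480 8:1 /images/abc / rw,relatime - ext4 /dev/sda1 rw
482 481 0:52 / /proc rw,relatime - proc proc rw
483 481 0:53 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
484 483 0:5 /null /dev/null rw,nosuid - devtmpfs devtmpfs rw
485 481 0:21 / /sys rw,relatime - sysfs sysfs rw
486 481 8:1 /pods/p1/resolv.conf /etc/resolv.conf rw - ext4 /dev/sda1 rw
"""
BAD = """\
481 480 8:1 /images/abc / rw,relatime shared:1 - ext4 /dev/sda1 rw
483 481 0:53 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
485 481 0:21 / /sys rw,relatime master:7 - sysfs sysfs rw
"""
if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample, ["/etc/resolv.conf"]))
```

On a live system the input is the text of /proc/<host_pid>/mountinfo read on the host after setup returns :ok, with etc_targets set to the in_rootfs_path half of each etc_files pair.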