gitpod-io
diff --git a/‎components/workspacekit/pkg/seccomp/notify.go
Lines changed: 27 additions & 6 deletions b/‎components/workspacekit/pkg/seccomp/notify.go
Lines changed: 27 additions & 6 deletions
diff --git a/‎components/ws-daemon-api/go/daemon.pb.go
Lines changed: 1 addition & 1 deletion b/‎components/ws-daemon-api/go/daemon.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎components/ws-daemon-api/go/daemon_grpc.pb.go
Lines changed: 1 addition & 1 deletion b/‎components/ws-daemon-api/go/daemon_grpc.pb.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎components/ws-daemon-api/go/mock/mock.go
Lines changed: 41 additions & 1 deletion b/‎components/ws-daemon-api/go/mock/mock.go
Lines changed: 41 additions & 1 deletion
@@ -254,13 +254,20 @@ func (h *InWorkspaceHandler) Mount(req *libseccomp.ScmpNotifReq) (val uint64, er
 		return Errno(unix.EFAULT)
 	}
 
+	var args string
+	if len(req.Data.Args) >= 5 && filesystem == "nfs4" {
+		args, err = readarg.ReadString(memFile, int64(req.Data.Args[4]))
+		log.WithField("arg", 4).WithError(err).Error("cannot read argument")
+	}
+
 	log.WithFields(map[string]interface{}{
 		"source": source,
 		"dest":   dest,
 		"fstype": filesystem,
-	}).Debug("handling mount syscall")
+		"args":   args,
+	}).Info("handling mount syscall")
 
-	if filesystem == "proc" || filesystem == "sysfs" {
+	if filesystem == "proc" || filesystem == "sysfs" || filesystem == "nfs4" {
 		// When a process wants to mount proc relative to `/proc/self` that path has no meaning outside of the processes' context.
 		// runc started doing this in https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
 		// TODO(cw): there must be a better way to handle this. Find one.
@@ -308,10 +315,21 @@ func (h *InWorkspaceHandler) Mount(req *libseccomp.ScmpNotifReq) (val uint64, er
 				if filesystem == "sysfs" {
 					call = iws.MountSysfs
 				}
-				_, err = call(ctx, &daemonapi.MountProcRequest{
-					Target: dest,
-					Pid:    int64(req.Pid),
-				})
+
+				if filesystem == "sysfs" || filesystem == "proc" {
+					_, err = call(ctx, &daemonapi.MountProcRequest{
+						Target: dest,
+						Pid:    int64(req.Pid),
+					})
+				} else if filesystem == "nfs4" {
+					_, err = iws.MountNfs(ctx, &daemonapi.MountNfsRequest{
+						Source: source,
+						Target: dest,
+						Args:   args,
+						Pid:    int64(req.Pid),
+					})
+				}
+
 				if err != nil {
 					log.WithField("target", dest).WithError(err).Errorf("cannot mount %s", filesystem)
 					return err
@@ -324,7 +342,10 @@ func (h *InWorkspaceHandler) Mount(req *libseccomp.ScmpNotifReq) (val uint64, er
 				if wait > iwsBackoffMaxWait {
 					wait = iwsBackoffMaxWait
 				}
+			} else {
+				break
 			}
+
 		}
 		if err != nil {
 			// We've already logged the reason above