Adds AddNames and RemoveNames so operations which are invoked in parallel
manner can use it without destroying names from storage.
For instance
We are deleting names which were already written in store.
This creates faulty behavior when builds are invoked in parallel manner, as
this removes names for other builds.
To fix this behavior we must append to already written names and
override if needed. But this should be optional and not break public API
Following patch will be used by parallel operations at podman or buildah end, directly or indirectly.
Signed-off-by: Aditya R <arajan@redhat.com>
when the container specifies some mappings to be applied, verify that
they are not overlapping and give a clearer error message.
Closes: https://github.com/containers/storage/issues/1127
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Currently when we build podman bindings we are pulling in the entire
storage libraries, even though we only need a few structures and
functions.
Testing with the following program
```
package main
import (
"fmt"
"github.com/containers/storage/types"
)
func main() {
fmt.Println(types.GetRootlessRuntimeDir(0))
}
```
Removing types above gives me compile size of the the program
du -s t.old t.new
9640 t.before
3232 t.after
Currently these functions are being vendored into
containers/common/pkg/config, which leads to large size in podman-remote
and podman bindings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Implement reader-writer locks to allow allow multiple readers to hold
the lock in parallel.
* The locks are still based on fcntl(2).
* Changing the lock from a reader to a writer and vice versa will block
on the syscall.
* A writer lock can be held only by one process. To protect against
concurrent accesses by gourtines within the same process space, use a
writer mutex.
* Extend the Locker interface with the `RLock()` method to acquire a
reader lock. If the lock is set to be read-only, all calls to
`Lock()` will be redirected to `RLock()`. A reader lock is only
released via fcntl(2) when all gourtines within the same process space
have unlocked it. This is done via an internal counter which is
protected (among other things) by an internal state mutex.
* Panic on violations of the lock protocol, namely when calling
`Unlock()` on an unlocked lock. This helps detecting violations in
the code but also protects the storage from corruption. Doing this
has revealed some bugs fixed in ealier commits.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add store methods for finding the list of UIDs and GIDs which probably
need to be mapped if a given layer or container's layer, which has to
have been mounted at least once in order for us to know where it goes,
is going to be used for a container that is run with the configured ID
mappings in a separate user namespace.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Teach image and container store types to also track the digests of "big
data" items that we have them store.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we read itms from disk, if maps in the structures are empty, they
won't be allocated as part of the decoding process. When we
subsequently go to read or write something from such a map, make sure
it's been initialized.
Add some validation of names that we convert to file names, and of
digest values, so that we can be more precise about the error code we
return when there's a problem with the values.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the standard library's "errors" package to create errors so that
backtraces in wrapped errors terminate at the point where the error was
first wrapped, and not at the line where we created the error, which
isn't as useful for troubleshooting.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Aditya R
Giuseppe Scrivano
Daniel J Walsh
Valentin Rothberg
Nalin Dahyabhai