From 012e457b91ffde37376ce5d3598736fc67b87e69 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 30 Jan 2023 23:15:11 +0100 Subject: [PATCH 1/4] overlay: honor disableShifting Signed-off-by: Giuseppe Scrivano --- drivers/overlay/overlay.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/overlay/overlay.go b/drivers/overlay/overlay.go index be7406b9a..1d04acb3b 100644 --- a/drivers/overlay/overlay.go +++ b/drivers/overlay/overlay.go @@ -1505,7 +1505,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO } } - if d.supportsIDmappedMounts() && len(options.UidMaps) > 0 && len(options.GidMaps) > 0 { + if !disableShifting && len(options.UidMaps) > 0 && len(options.GidMaps) > 0 { var newAbsDir []string mappedRoot := filepath.Join(d.home, id, "mapped") if err := os.MkdirAll(mappedRoot, 0700); err != nil { From 9e879f0ed78d73248d238d9cfed023279c0dec0f Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 30 Jan 2023 23:16:24 +0100 Subject: [PATCH 2/4] overlay: drop fuse-overlayfs specific tests we added these tests to validate fuse-overlaysfs. Drop them since they change the code flow and it conflicts with idmapped mounts support. Signed-off-by: Giuseppe Scrivano --- drivers/overlay/overlay.go | 3 --- tests/idmaps.bats | 24 ------------------------ 2 files changed, 27 deletions(-) diff --git a/drivers/overlay/overlay.go b/drivers/overlay/overlay.go index 1d04acb3b..1edc312e6 100644 --- a/drivers/overlay/overlay.go +++ b/drivers/overlay/overlay.go @@ -2098,9 +2098,6 @@ func (d *Driver) supportsIDmappedMounts() bool { // SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS func (d *Driver) SupportsShifting() bool { - if os.Getenv("_TEST_FORCE_SUPPORT_SHIFTING") == "yes-please" { - return true - } if d.options.mountProgram != "" { return true } diff --git a/tests/idmaps.bats b/tests/idmaps.bats index c08358f75..2267a5352 100644 --- a/tests/idmaps.bats +++ b/tests/idmaps.bats @@ -961,30 +961,6 @@ load helpers imagename=idmappedimage-shifting storage create-image --name=$imagename $lowerlayer - - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false create-container --uidmap 0:1000:1000 --gidmap 0:1000:1000 $imagename - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - - container="$output" - - # Mount the container. - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false mount $container - echo "$output" - [ "$status" -eq 0 ] - dir="$output" - test "$(stat -c%u:%g $dir/file)" == "0:0" - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false unmount "$container" - [ "$status" -eq 0 ] - - # Remove the container and image and check that all of the layers we used got removed. - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false delete-container $container - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false delete-image $imagename - _TEST_FORCE_SUPPORT_SHIFTING=yes-please run storage --debug=false layers - echo "$output" - [ "$status" -eq 0 ] - [ "$output" == "" ] } @test "idmaps-create-layer-from-another-image-store" { From 325285e8a088a60174922c065bbd5b1e46dcad5d Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 31 Jan 2023 10:01:30 +0100 Subject: [PATCH 3/4] tests: disable idmapping feature in overlay that is the expectation of the tests when they check for the mapping in the mounted layers. Signed-off-by: Giuseppe Scrivano --- drivers/overlay/overlay.go | 3 +++ tests/helpers.bash | 3 +++ 2 files changed, 6 insertions(+) diff --git a/drivers/overlay/overlay.go b/drivers/overlay/overlay.go index 1edc312e6..aaef45f08 100644 --- a/drivers/overlay/overlay.go +++ b/drivers/overlay/overlay.go @@ -2098,6 +2098,9 @@ func (d *Driver) supportsIDmappedMounts() bool { // SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS func (d *Driver) SupportsShifting() bool { + if os.Getenv("_CONTAINERS_OVERLAY_DISABLE_IDMAP") == "yes" { + return false + } if d.options.mountProgram != "" { return true } diff --git a/tests/helpers.bash b/tests/helpers.bash index 831e06d91..5f9ef2bbe 100755 --- a/tests/helpers.bash +++ b/tests/helpers.bash @@ -21,6 +21,9 @@ function setup() { TESTDIR=${BATS_TMPDIR}/tmp.${suffix} rm -fr ${TESTDIR} mkdir -p ${TESTDIR}/{root,runroot} + # disable idmapped mounts in the overlay driver, since that + # is the expectation in the idmaps.bats tests. + export _CONTAINERS_OVERLAY_DISABLE_IDMAP=yes } # Delete the unique root directory and a runroot directory. From e0a031d479dc006624d2bf5993e1a367d39bbb43 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 17 Jan 2023 10:39:48 -0500 Subject: [PATCH 4/4] Cirrus: Update CI VM Images to F37 Signed-off-by: Chris Evich --- .cirrus.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 40a38d67c..9d8813016 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -17,13 +17,13 @@ env: #### #### Cache-image names to test with (double-quotes around names are critical) ### - FEDORA_NAME: "fedora-36" - UBUNTU_NAME: "ubuntu-2204" + FEDORA_NAME: "fedora-37" ### 20230120t152650z-f37f36u2204 + UBUNTU_NAME: "ubuntu-2204" ### 20230120t152650z-f37f36u2204 # GCE project where images live IMAGE_PROJECT: "libpod-218412" # VM Image built in containers/automation_images - IMAGE_SUFFIX: "c5878804328480768" + IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"