overlay, rootless: use user.* instead of trusted.*

Unprivileged users cannot use the trusted.* xattrs.  Since rootless
mode always mounts overlay with userxattr, we can just check whether
we are running rootless and use user.* instead of trusted.*.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 2021-04-06 12:36:52 +02:00
parent 9bf64bb716
commit 345bc79f84
GPG Key ID: E4730F97F60286ED
1 changed files with 5 additions and 4 deletions


@ -10,6 +10,7 @@ import (
"path/filepath"
"syscall"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/system"
@ -54,7 +55,7 @@ func doesSupportNativeDiff(d, mountOpts string) error {
}
// Mark l2/d as opaque
if err := system.Lsetxattr(filepath.Join(td, "l2", "d"), "trusted.overlay.opaque", []byte("y"), 0); err != nil {
if err := system.Lsetxattr(filepath.Join(td, "l2", "d"), archive.GetOverlayXattrName("opaque"), []byte("y"), 0); err != nil {
return errors.Wrap(err, "failed to set opaque flag on middle layer")
}
@ -78,7 +79,7 @@ func doesSupportNativeDiff(d, mountOpts string) error {
}
// Check l3/d does not have opaque flag
xattrOpaque, err := system.Lgetxattr(filepath.Join(td, "l3", "d"), "trusted.overlay.opaque")
xattrOpaque, err := system.Lgetxattr(filepath.Join(td, "l3", "d"), archive.GetOverlayXattrName("opaque"))
if err != nil {
return errors.Wrap(err, "failed to read opaque flag on upper layer")
}
@ -95,7 +96,7 @@ func doesSupportNativeDiff(d, mountOpts string) error {
return errors.Wrap(err, "failed to rename dir in merged directory")
}
// get the xattr of "d2"
xattrRedirect, err := system.Lgetxattr(filepath.Join(td, "l3", "d2"), "trusted.overlay.redirect")
xattrRedirect, err := system.Lgetxattr(filepath.Join(td, "l3", "d2"), archive.GetOverlayXattrName("redirect"))
if err != nil {
return errors.Wrap(err, "failed to read redirect flag on upper layer")
}
@ -161,7 +162,7 @@ func doesMetacopy(d, mountOpts string) (bool, error) {
if err := os.Chmod(filepath.Join(td, "merged", "f"), 0600); err != nil {
return false, errors.Wrap(err, "error changing permissions on file for metacopy check")
}
metacopy, err := system.Lgetxattr(filepath.Join(td, "l2", "f"), "trusted.overlay.metacopy")
metacopy, err := system.Lgetxattr(filepath.Join(td, "l2", "f"), archive.GetOverlayXattrName("metacopy"))
if err != nil {
return false, errors.Wrap(err, "metacopy flag was not set on file in upper layer")
}
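Review bot: At the four probe call sites (the `Lsetxattr`/`Lgetxattr` calls for opaque, redirect and metacopy), the xattr namespace now comes from `archive.GetOverlayXattrName`, which per the commit message keys off rootless mode, while the `mountOpts` argument that both `doesSupportNativeDiff` and `doesMetacopy` receive is not consulted. If a rootless caller ever passes options without `userxattr`, the probe would presumably write and read `user.overlay.*` while the kernel uses `trusted.overlay.*`, so the feature check could report a result that does not match the real mount. I would state the assumption at the first call site, e.g. `// rootless mounts always carry userxattr; the name must match the namespace mountOpts selects`, or have the probe return an error when the two disagree. It is also worth a line in the helper's doc comment that `user.*` attributes can be written by the file's owner without CAP_SYS_ADMIN, so these markers carry less trust than their `trusted.*` counterparts. Both function bodies start and end outside the visible hunks, so any existing handling of this case is not visible here.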