28 Commits

Author SHA1 Message Date
Giuseppe Scrivano 0c1d6be80d
fsdiff: mount both layers as read-only
There is no reason to mount the first layer as writeable.  It fixes mounting
layers that are in a read-only location like an additional image store, or
are backed by composefs.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-10-23 15:02:06 +02:00
Giuseppe Scrivano afafcdc7ad
fsdiff: mount the image read-only
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-06-17 00:31:39 +02:00
Kir Kolyshkin a4d8f720a2 Format sources with gofumpt
gofumpt is a superset of gofmt, enabling some more code formatting
rules.

This commit is brought to you by

	gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-26 16:17:31 -07:00
Miloslav Trmač 5e410ef763 Misc individual warning fixes
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-14 17:17:53 +02:00
Miloslav Trmač 5e8eb4c69a Check and report errors in driver.Put()
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-01 02:46:53 +02:00
Miloslav Trmač bceefe29a5 Use time.Until instead of time.Sub(...time.Now())
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-09-12 16:31:46 +02:00
Giuseppe Scrivano f0cd0b97b1
chrootarchive: use unshare to detect user namespace
use the function in containers/storage that has the same
functionalities.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-09-08 23:07:14 +02:00
Sergio Lopez 7617ae34d8 Limited support for operating on images on macOS
Supporting macOS presents a number of challenges since the lack of
user namespaces means that operations that alter the ownership or
permissions on a file face harsh limitations, since they are requested by
an unprivileged user that may need to potentially operate on arbitrary
uids/gids.

To overcome these challenges, we rely on the existing "forceMask"
feature to store the actual ownership and permission bits as an
extended attribute entry on each file.

In addition to automatically enabling "forceMask" when running on
macOS, we also need some minor changes to ensure the compatibility
with this OS. The most significant is the fact that, on macOS
SafeLchmod and SafeChmod also operate on the extended attributes, to
allow us to properly create the directories supporting the image.

With these changes in place, buildah is able to perform basic
operations on OCI images, such as downloading the image, creating a
working container, and removing them.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2022-06-06 08:01:54 +02:00
Nalin Dahyabhai d467d9fd38 drivers.NaiveDiffDriver.Changes(): mount the parent read-only
The parent layer, by virtue of being a parent layer isn't going to be
modified, so default to mounting it read-only.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-01-27 15:47:05 -05:00
Daniel J Walsh 534b0b3281
Standardize on capitalized logrus messages, and remove stutters
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-09-23 14:43:35 -04:00
Daniel J Walsh b3531c3df8
Vendor in opencontainers/runc v1.0.0
The RunningInUserNS Function was removed from libcontainer and is now
in containerd.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-06-22 08:41:17 -04:00
Daniel J Walsh e96cd8656f
Naive diff should pass in the ro option on parent directory
If we are just mounting the parent directory, we should do it read
only.  We should not use the upper and work directory.

If there is only one lower directory we should return that path.  No
reason to mount the lower directory at all.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-08-06 08:37:29 -04:00
Daniel J Walsh 976fe22092
Add storage options to IgnoreChownErrors
Modified patch of Kevin Pelzel.

Also changed ApplyDiff to take new ApplyDiffOpts Struct.

Signed-off-by: Kevin Pelzel <kevinpelzel22@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-07-26 06:05:27 -04:00
Giuseppe Scrivano e4016865a3
NaiveDiff: set InUserNS
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-11-30 21:01:19 +01:00
Daniel J Walsh b6ccc0acfa
Add MountOpts to stop adding fields to Get Interface
This patch adds a MountOpts field to the drivers so we can simplify
the interface to Get and allow additional options to be passed in the future.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-05 09:23:46 -04:00
Giuseppe Scrivano 1897396330
drivers: inform Mount of the mappings used by the container
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-07-26 06:12:42 +02:00
Tomas Tomecek 404315aaed log errors from ApplyUncompressedLayer
Related: https://github.com/projectatomic/libpod/issues/1087

Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
2018-07-13 11:11:00 +02:00
Nalin Dahyabhai 97326e1d2f Support for per-container uid/gid mapping: lower
Expose reading and writing ID mapping in the archive and chrootarchive
packages, and in the driver interface.  Generally this means that
when computing or applying diffs, we need to have ID mappings passed in
that are specific to the layers we're using.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-04-03 10:34:32 -04:00
Nalin Dahyabhai b71d4c4197 Support for per-container uid/gid mapping: upper
Add support to the Store objects for per-container UID/GID mapping.
* UID and GID maps can be specified when creating layers and containers.
* If mapping options are specified when creating a container, those
  options are used for creating the layer which we create for the
  container and recorded with the container for convenience.
* A layer defaults to using the ID mapping configured for its parent, or
  to the default which was used to initialize the Store object if it has
  no parent.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-04-03 10:34:32 -04:00
Daniel J Walsh 5a785c73f4 Pass MountLabel down to diff drivers
Currently when we do a commit, we are mounting the container without using
the mountlabel.  In certain situations we can leak mount points where the
image is already mounted with a label.  If you then attempt to commit the
image, the kernel will attempt to mount the image without a label.  The
kernel will reject this mount since SELinux does not allow the same image
to be mounted with different labels.

Passing down the label to the diff drivers fixes this issue.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-02-06 13:42:25 -05:00
Nalin Dahyabhai 88b9193bae Fix builds with go 1.7
The skopeo package builds on Darwin use Go 1.7, so make sure we can
build on it, by replacing a call to time.Until(t) with
t.Sub(time.Now()), as suggested in the standard library documentation.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-09-29 17:25:19 -04:00
Daniel J Walsh 57641cc0f9 Backport moby drivers general changes to containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-26 20:45:15 +00:00
Daniel J Walsh f39066fe1b Update packages to match latest code in moby/pkg
Had to vendor in a new version of golang.org/x/net to build
Also had to make some changes to drivers to handle
archive.Reader -> io.Reader
archive.Archive -> io.ReadCloser

Also update .gitignore to ignore emacs files, containers-storage.*
and generated man pages.

Also no longer test travis against golang 1.7, cri-o, moby have also
done this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-12 18:00:29 +00:00
Mrunal Patel 59da502256 Update deps to github.com/sirupsen/logrus v1.0.0
Also updates github.com/Microsoft/hcsshim
and github.com/docker/go-connections so they work
with the newer version of logrus.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-01 07:25:56 -07:00
Nalin Dahyabhai 9697353ba3 Remove GetPutWrapper interfaces
Remove the GetPutWrapper interfaces, which shouldn't be necessary if the
counter checker works correctly (which should ensure that Diff() ends
with the layer either mounted or unmounted, as it was before it was
called), and which didn't integrate properly with overlay2.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-08-25 15:24:06 -04:00
Nalin Dahyabhai bfeac14190 Don't lose a ref when generating diffs
Don't lose track of a mount reference when generating diffs between
layers using the naive method.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-08-25 12:10:39 -04:00
Nalin Dahyabhai b22d7114e7 Use Mount/Unmount instead of Get/Put when diffing
When computing the differences between two layers, attempt to avoid
disrupting users of those layers by using possibly-refcounted
Mount/Unmount callbacks, if provided, instead of calling a driver's own
Get/Put methods correctly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-08-17 15:33:49 -04:00
Nalin Dahyabhai 60ff079996 Rename: cow/cowman -> storage/oci-storage
Rename the library module and CLI wrapper.
Rename daemon/graphdriver to drivers.
Catch up vendoring to match modules we've pruned.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-07-18 17:35:50 -04:00