When running as non-root, the code previously checked
if usePerUserStorage() before applying default paths
for RunRoot and GraphRoot if they were missing from
the configuration file. This check prevented defaults
from being applied if the STORAGE_DRIVER environment
variable was set.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This fixes the following linter warning:
> types/utils.go:17:9: QF1004: could use strings.ReplaceAll instead (staticcheck)
> path = strings.Replace(path, "$UID", strconv.Itoa(rootlessUID), -1)
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Functions strings.CutPrefix and strings.CutSuffix are available
since Go 1.20 and can be used instead of strings.Has* counterparts
when the latter is followed by removing the prefix or suffix.
This simplifies the code a bit, allowing for less mistakes.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
drop the possibility to configure a remapping for all the layers in
the storage.
The feature dates back to the initial fork from Docker, that supported
a single user namespace where all the images were pulled. It was never
used by the container tools since we have a finer control of the user
namespaces.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
For packaging for NetBSD, we will patch this file anyway (we don't
have a hard-coded install directory for packages)
Signed-off-by: Maya Rashish <maya@NetBSD.org>
drop the rootless argument from DefaultStoreOptions and
UpdateStoreOptions since this can be retrieved internally through the
unshare package.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fetch prior drivers if any using `ReadDir` and looking for traces of
`%s-images` dirs if present already on the system where `%s` is the
prior driver.
Signed-off-by: Aditya R <arajan@redhat.com>
gofumpt is a superset of gofmt, enabling some more code formatting
rules.
This commit is brought to you by
gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remap-User/Group setting is always override by
Remap-UIDs/GIDs setting and ignored.
This commit enables Remap-User/Group setting.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
There is no need for `vfs` to be the default storage driver since kernel
>= 5.13 supports `overlay` natively however there is use-case for users
who don't had any configs and they started using `vfs` in a default
manner following check is a hack to keep `buildah` and `podman` working
for such users.
See: https://github.com/containers/storage/pull/1571 for prior
discussions.
Signed-off-by: Aditya R <arajan@redhat.com>
if there are no configuration files present, attempt to use overlay
for rootless if fuse-overlayfs is installed or if the kernel is >= 5.13.
Closes: https://github.com/containers/storage/issues/1570
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Allow storage users to split the filesystem of containers vs image
store, `imagestore` if configured will pull images in image storage
instead of the `graphRoot` while keeping the other parts still in the
originally configured `graphRoot`.
overlay: set workdir and upperdir according to splitstore
If splitstore is set `workdir` and `upperdir` must go into the
splitstore i.e `graphRoot`.
Signed-off-by: Aditya R <arajan@redhat.com>
Add initial Check() and Repair() methods to Stores.
Check() checks for inconsistencies between the layers which the
lower-level storage driver claims to know about and the ones which we
know we're managing. It checks that layers referenced by layers,
images, and containers are known to us and that images referenced by
containers are known to us. It checks that data which we store
alongside layers, images, and containers is still present, and to the
extent which we store other information about that data (frequenly just
the size of the data), verifies that it matches recorded expectations.
Lastly, it checks that layers which are part of images (and which we
therefore know what they should have in them) have the expected content,
and nothing else.
Repair() removes any containers, images, and layers which have any
errors associated with them. This is destructive, so its use should be
considered and deliberate.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
make sure that the runroot and graphroot are not empty otherwise we will
end up using an empty directory as path prefix and create files in the
current directory.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when running in rootful mode, if it is present, prefer the override path
/etc/containers/storage.conf instead of using the default storage.conf
provided by the package under the /usr/share/containers/ directory.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This is an amend to https://github.com/containers/storage/pull/1460
That PR was not addressing the case when the system wide config had the
driver_priority option configured and the user had no config file of their
own. Then `getRootlessStorageOpts` would be called and it would override the
graph driver to "vfs".
With this commit we only override the graph driver if driver priority is
empty. Otherwise we propagate the driver priority into the storage options, so
that the driver autodetection works as expected.
Signed-off-by: Dan Čermák <dcermak@suse.com>
Currently we would display an error when the user does not specify a `driver` in
their config file. This has been present for historical reasons mostly to
prevent users from accidentally getting the vfs
driver (https://github.com/containers/storage/pull/1460#issuecomment-1370866271). Now
that most systems support the overlay driver natively, we can reduce this to a
warning and only warn about it if the driver_priority list is unset. If it is
provided, then clearly the user or the distribution wanted for c/storage to pick
a driver itself and the warning would be only confusing to users.
Signed-off-by: Dan Čermák <dcermak@suse.com>
Want to allow Podman to print helpful error message when
users runs out of UIDs to use with podman run --userns=auto.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently Podman warns when attempting to reset storage, if the
system wide storage.conf file
/usr/share/containers/storage.conf exists.
Since distros ship this, we need to allow Podman to check if the
default is the System default and therefore do not warn.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently running a simple container runs and stats configuration
storage.conf files multiple times on a simple container run.
This PR cuts the opens and stats in half by caching the first read.
This speeds up start by about 10-20 microseconds.
If container engines want to react to storage files changing, added a
new function UpdateStoreOptions to allow engines to reload options.
Fixes: https://github.com/containers/storage/issues/1403
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Follow up to https://github.com/containers/storage/pull/1357
Podman tests suggest that do not need to use XDG_CONFIG_HOME if
storage.conf does not exists. In that case we fall back to
/etc/containers/storage.conf and /usr/share/containers/storage.conf
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
HPC Customers noticed that storage was attempting to read files in /usr
and /etc, even though they set XDG_CONFIG_HOME, they expect to only read
config files in this directory.
Fixes: https://github.com/containers/podman/issues/15680
(Actually partial fixes), need to look at other config files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ioutil.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This allows consumers of this library to rely on the in-memory default
rather than requiring a storage.conf.
Refers to https://github.com/containers/storage/pull/1279 and
1f647d954f
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of the
deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
when the configuration file was explicitly specified, all the graph
drivers options are copied, not only the ones allowed for rootless.
Closes: https://github.com/containers/storage/issues/1278
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
otherwise changes applied later to the object are propagated to the
copy in prevReloadConfig.storeOptions.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if the CONTAINERS_STORAGE_CONF environment variable is set and the
specified file doesn't exist, then return an error.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano