Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, whose presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
drop host deduplication by just looking at the file path. It could be
useful in very specific use cases, but it is too expensive for generic
images. If the need arises, we first need to create an index of the
files that we can deduplicate so there is no need to calculate the
checksum on the fly.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We have had cases where users assume that creating a storage.conf file in
their home directory, will still inherit fields from the system
storage.conf files. Need to clear this up in the storage.conf file and
man page.
Fixes: https://github.com/containers/podman/issues/11778
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This patch fixes the handling of inodes and sizes, currently if
user sets inodes and sizes together, quota is only set on sizes.
Second problem with quota is that we have to have unique projectids
for each directory. Originally container/storage only did quota on
rootfs, now we want to support it on volumes as well. We need to be
able to get unique projectids for these two different parent
directories. The added function attempts to maintain at least 10,000
unique id's based on the inode of the parent directory. I know that this
is not perfect and we have a potential for overlay. If you have a
better algorithm, I would love to use it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
quota for overlay also supports setting the maximum number of
inodes. OpenShift would like to be able to set this to control the
number of inodes added to an image or to a volume.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The storage driver set in `/etc/containers/storage.conf` was ignored for rootless configurations.
Rootless configurations would use overlay or vfs by default.
If the STORAGE_DRIVER environment variable was set, this value would be used instead.
This commit changes this behavior to inherit the driver set in `/etc/containers/storage.conf`.
To inherit the driver in rootless configurations, the driver must be valid in a rootless context.
The valid rootless drivers are btrfs, overlay, and vfs at this time.
To remain consistent with previous behavior, the STORAGE_DRIVER environment variable supersedes any driver set in `/etc/containers/storage.conf` and does not need to be a valid rootless driver.
buildah's documentation for the `--storage-driver` command will need to be updated to reflect these changes.
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on
almost all distributions, make the change to the default.
Partial fix for https://github.com/containers/podman/issues/8369
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Users expect the storage to handle the fact that the
driver field is not set, but this can lead to unexpected behaviour.
Caused me to spend several hours investigating an issue, where
the overlay options were not being used, because the user created
a storage.conf file without a graphdriver.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
if force mask is configured, store the original permissions in the
'user.containers.override_stat' xattr.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
force_mask sets a permission mask used for the new files and
directories.
It is useful for using a NFS share for the rootless storage. It
requires this change in fuse-overlayfs:
https://github.com/containers/fuse-overlayfs/pull/246
    [storage]
    driver = "overlay"
    graphroot = "/mnt/nfs/home/storage"
    [storage.options]
    size = ""
    mountopt = "xattr_permissions=2"
    [storage.options.overlay]
    force_mask = "0755"
    ignore_chown_errors = "true"
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Containers storage is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, some of these terms are currently used within the Linux kernel and must be used as-is at this time. When the kernel maintainers rectify this usage, containers storage will follow suit immediately.
For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
Signed-off-by: Ashley Cui <acui@redhat.com>
For certain workloads, we would like to eliminate the mounting of containers-storage as private.
Running containers within containers for example.
This looks like it was accidentally removed in the past, since there was still partial
implementation.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
automatically pick an empty range and create a user namespace for the
container.
For root containers, it is necessary to specify an entry in
the /etc/subuid and /etc/subgid files to use for picking the range of
available IDs. This is necessary to avoid collisions with IDs used
for rootless containers. This setting is ignored for rootless
containers, since it is not possible to use arbitrary IDs, and the
initial set is always picked by the IDs assigned to the rootless
user.
When using auto userns, a container will use a range of IDs that is
not used by any other container user namespace, also those that are
not using auto userns, this is checked at creation time.
A successive container that doesn't use auto userns feature can still
collide with IDs used by an auto userns container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
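An added illustration of the creation-time check described in the commit message above: find the lowest free span inside the /etc/subuid pool that overlaps no existing container mapping. This is not containers/storage code; `idRange`, `pickFreeRange` and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// idRange is the half-open span of host IDs [Start, Start+Len).
type idRange struct{ Start, Len uint64 }

// pickFreeRange returns the lowest span of size IDs inside pool (the
// /etc/subuid or /etc/subgid entry) that overlaps no range in used.
// used must list the mappings of every existing container, whether or
// not it was created with auto userns.
func pickFreeRange(pool idRange, used []idRange, size uint64) (idRange, error) {
	if size == 0 || size > pool.Len {
		return idRange{}, fmt.Errorf("cannot fit %d IDs in a pool of %d", size, pool.Len)
	}
	sorted := append([]idRange(nil), used...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Start < sorted[j].Start })
	cur := pool.Start
	for _, u := range sorted {
		if u.Start+u.Len <= cur {
			continue // entirely below the candidate span
		}
		if u.Start >= cur+size {
			break // the gap in front of u is large enough
		}
		cur = u.Start + u.Len // overlap: retry just past u
	}
	if cur+size > pool.Start+pool.Len {
		return idRange{}, fmt.Errorf("no free range of %d IDs left in pool", size)
	}
	return idRange{cur, size}, nil
}

func main() {
	// Constructed sample: subuid entry "containers:100000:196608".
	pool := idRange{100000, 196608}
	used := []idRange{
		{100000, 65536}, // earlier auto-userns container
		{180000, 1000},  // container with a manually chosen mapping
	}
	for _, size := range []uint64{1024, 65536, 131072} {
		r, err := pickFreeRange(pool, used, size)
		fmt.Println(size, r, err)
	}
}
```

The check only covers mappings that exist when the auto-userns container is created; a container started later with a manual mapping is not constrained by it.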
change the default user used for root containers to look up the id
ranges in /etc/sub*id to "containers".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This allows rootless admins to set up alternative
paths to content in the homedir.
Rootless users on NFS homedirs will not be allowed to run
podman, if an admin wants to set up alternative directory say
in /var/tmp on local storage, they could configure the storage.conf
file and then all users would automatically get storage in /var/tmp.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Qi Wang <qiwan@redhat.com>
Currently users get an error message saying overlay is not supported on specific
drivers, but there is no information about the mount_program in the error
messages. This PR adds a mention of this so that users can investigate the use
of the mount_program.
Also add information to the containers-storage.conf man page to document when
the mount_program is required to be used for an overlay driver.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Storage options are really driver specific and it is when distributions set
defaults, they should not affect the user if he changes the default driver.
By moving the storage options to be driver specific, we can make sure all
drivers only document and support their options.
With this patch we will continue to support the global mountopt but the driver
specific version will override the global mountopt.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
it was an attempt to use OSTree to deduplicate files, at the time we
already had a dependency on OSTree for system containers in
containers/image. Since the feature never really took off, let's just
drop it.
Closes: https://github.com/containers/storage/issues/419
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Modified patch of Kevin Pelzel.
Also changed ApplyDiff to take new ApplyDiffOpts Struct.
Signed-off-by: Kevin Pelzel <kevinpelzel22@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to create a containers-storage package which can install the man pages.
This package will be pulled in via containers-common.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit uses internal tools vendoring to switch to golangci-lint. All
working linters have been enabled. The other tools have been vendored as
well into the same tools folder, whereas the corresponding test and
build targets have been adapted as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
On the relabeling instructions, it's quite confusing to use a variable
on the first command, and then a literal location on the second one.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Fix the sections and their titles in the manpage for containers-storage.conf.
Section titles are all capitalized and don't end with a period.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
Add to the main manpage the reference to the fact that OSTree will be
used for file deduplication on readonly layers if:
* ostree_repo configured,
* containers-storage built with support for OSTree
That information was missing throughout all the documentation.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>
The manpage of the configuration goes to section 5 instead of 1, like
most of the other manpages. Therefore the existing code wasn't handling
the manpage for 'containers-storage.conf' appropriately.
Signed-off-by: Silvano Cirujano Cuesta <silvano.cirujano-cuesta@siemens.com>