Note that such images can now be stored but they cannot be
pushed yet. Supporting both use cases would be ideal for
source-container images that are known to have a large number
of layers, likely exceeding the current limit of 127 layers.
This limit is inherited from Docker to proactively restrict the
amount and size of arguments passed when mounting. All (lower)
layers must be specified at mount-time but we only have one page
to pass them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Preservation of user.* xattrs is supported by most (if not all) other
drivers, and it's especially useful for containers that run under a
PaX kernel where "user.pax.flags" is used to store PaX flags.
Signed-off-by: Zac Medico <zmedico@gmail.com>
Some platforms store s.Rdev as uint32, translate to uint64 so it
will compile.
Also add function to make it clear that the object is a whiteout object.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when a mountProgram is used, attempt to unmount the file system using
fusermount or fusermount3.
If the FUSE writeback cache is used (fuse-overlayfs uses it by default
since version 0.5), some changes might not be flushed from the kernel
to the FUSE file system.
Using umount we could lose these changes as the file system is
terminated before these changes are visible to the FUSE file system.
Going through fusermount|fusermount3 instead makes sure FUSE flushes
all the pending requests before the file system is unmounted.
If the fusermount attempts fail, make sure the file system is flushed
before being unmounted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if a mountProgram is specified, check that the file system is already
mounted using the FUSE magic number instead of overlay. It enables
using fuse-overlayfs on top of overlay.
Closes: https://github.com/containers/storage/issues/447
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
it was an attempt to use OSTree to deduplicate files, at the time we
already had a dependency on OSTree for system containers in
containers/image. Since the feature never really took off, let's just
drop it.
Closes: https://github.com/containers/storage/issues/419
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since now we always set the "ro" mount option, we need to ignore
these options on drivers that do not support them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If we are just mounting the parent directory, we should do it read
only. We should not use the upper and work directory.
If there is only one lower directory we should return that path. No
reason to mount the lower directory at all.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adjust build tags in drivers and pkg so that builds with CGO_ENABLED=0
won't fail outright. This ends up disabling btrfs (which uses kernel
headers), ostree (which uses libostree), overlayfs (which uses C headers
to define fs_disk_quota_t), and devicemapper (which uses libdevmapper
and loopback) by default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Vivek Goyal says that we should not be touching the internal WorkDir/work directory.
This is internal to the kernel and should not be modified. I believe this was done
to make sure that the "/" of the container is writable by the root user of the user
namespace that is running the container. Changing the ownership of the diffDir
should give us the same behavior and is safe to do.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Modified patch of Kevin Pelzel.
Also changed ApplyDiff to take new ApplyDiffOpts Struct.
Signed-off-by: Kevin Pelzel <kevinpelzel22@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This should cause the kernel to clear any leaked mount points into other
containers.
Also create the merged directory every time you attempt to create it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Current implementation of VFS driver performs the copy of the parent
layer during the creation of new (child) layer, but does not clean
the destination if the copy process fails.
From the consuming application perspective, this makes storage leaks
possible, e.g. an attempt to create new container with podman,
if failed in the middle of the copy due to disk overflow, leaves
a stray, unfinished container layer.
To avoid obliging the application (or the end user) to take care of
such possible leaks, cleanup is added.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
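
The commit above adds cleanup of a half-copied child layer in the VFS driver. The following is an added example for this page, not the driver's own code: a recursive copy that fails at the first error, and a `createLayer` wrapper that removes the destination on any copy failure but, deliberately, only registers that cleanup after it has created the directory itself, so a pre-existing layer is never deleted by mistake. The function names and the injected "disk full" copier are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// copyTree copies the tree at src into dst, which must already exist. It
// handles directories, regular files and symlinks and stops at the first
// error, so a mid-way failure leaves dst half built: the case createLayer
// has to clean up after.
func copyTree(src, dst string) error {
	return filepath.Walk(src, func(p string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(src, p)
		if err != nil {
			return err
		}
		target := filepath.Join(dst, rel)
		mode := info.Mode()
		switch {
		case mode.IsDir():
			return os.MkdirAll(target, mode.Perm())
		case mode&os.ModeSymlink != 0:
			link, err := os.Readlink(p)
			if err != nil {
				return err
			}
			return os.Symlink(link, target)
		case mode.IsRegular():
			return copyFile(p, target, mode.Perm())
		default:
			return fmt.Errorf("%s: unsupported file type %v", p, mode)
		}
	})
}

func copyFile(src, dst string, perm os.FileMode) error {
	in, err := os.Open(src)
	if err != nil {
		return err
	}
	defer in.Close()
	out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, perm)
	if err != nil {
		return err
	}
	if _, err := io.Copy(out, in); err != nil {
		out.Close()
		return err
	}
	return out.Close()
}

// createLayer creates the child layer dst as a copy of parent (an empty
// parent means a base layer). The cleanup is registered only after Mkdir
// succeeds, so a dst that already existed is never removed; once we own dst,
// any copy failure (ENOSPC half way through, say) removes the partial tree.
func createLayer(parent, dst string, copier func(src, dst string) error) (err error) {
	if err := os.Mkdir(dst, 0700); err != nil {
		return err
	}
	defer func() {
		if err != nil {
			if rmErr := os.RemoveAll(dst); rmErr != nil {
				err = fmt.Errorf("%w (cleanup of %s also failed: %v)", err, dst, rmErr)
			}
		}
	}()
	if parent == "" {
		return nil
	}
	if err := copier(parent, dst); err != nil {
		return fmt.Errorf("copy %s to %s: %w", parent, dst, err)
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "vfs-layer")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	parent := filepath.Join(root, "parent")
	os.MkdirAll(filepath.Join(parent, "etc"), 0755)
	os.WriteFile(filepath.Join(parent, "etc", "hosts"), []byte("127.0.0.1 localhost\n"), 0644)
	// Constructed copier that writes one file and then fails, like a full disk.
	diskFull := func(src, dst string) error {
		os.WriteFile(filepath.Join(dst, "partial"), []byte("x"), 0644)
		return errors.New("no space left on device")
	}
	fmt.Println("good copy:", createLayer(parent, filepath.Join(root, "child"), copyTree))
	broken := filepath.Join(root, "broken")
	fmt.Println("failed copy:", createLayer(parent, broken, diskFull))
	_, statErr := os.Stat(broken)
	fmt.Println("partial layer removed:", os.IsNotExist(statErr))
}
```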
Use the feature cache to track whether or not overlay is supported,
whether or not metacopy is on (for a specific set of mount options), and
whether or not we can use native diff (again, for a specific set of
mount options).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a few helper functions for caching and checking whether or not
particular features are enabled/supported. Most calls to them happen
before the Driver is allocated, so they're functions that take a runhome
directly rather than methods of the Driver.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Pass the library-level RunRoot in as part of the Config struct that we
pass to lower-level driver initialization functions.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Instead of passing the driver-specific directory and assorted fields
from a Config struct to lower-level drivers when we initialize them,
pass them the directory and the Config struct.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This is already done by the driver when creating the directory, so we
will end up trying to map IDs that were already mapped.
regression introduced with d1554f0dcd
and 7c6d502e9b.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
prefer the custom idmapping specified for the layer instead of using
the global one configured for the driver.
Closes: https://github.com/containers/libpod/issues/2960
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Noticed that the link directory may be lost also with the symlinks,
so this fix creates it if not found and then restores all the links.
Also fix up logic to check whether a dir is found or not instead of
a regular file.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
These interfaces can be used to setup a graphdriver mountpoint
of the source directory for use within a container.
The RemoveTemp interface umounts the mountpoint and then removes
all of the modified data in the graphdriver for this source directory.
The primary use case of these interfaces is for container engines that
want to mount a directory from the host system into the container. The
source directory then can be modified without actually changing the
directory on the host.
Containers will use these interfaces for sharing packaging cache directories
like /var/cache/dnf, to help speed up container builds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The multiple-lowers test in the overlay driver succeeded even when we
didn't pass in an upper or work directory, because it can be used for
read-only cases even then, but the single-lower test definitely needs us
to provide upper and work directories, so do that.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If the symlinks under /var/lib/containers/storage/overlay/l are lost
during a sudden reboot, we go through all the layers under the overlay
directory and create symlinks pointing to their respective diff directories
with the same name as they were created before. We get this name from
the "link" file under each layer dir.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
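
The recovery the commit above describes, as an added example for this page rather than the overlay driver's own code. It assumes the layout the message implies (`<home>/<id>/diff`, `<home>/<id>/link` holding the short name, `<home>/l/<name>` pointing at `../<id>/diff`), recreates a missing `l/` directory, and skips links that are already correct so it can run repeatedly. One check beyond the commit text: the `link` file is on-disk store data, so names that contain a path separator, or are `.` or `..`, are rejected rather than turned into a symlink outside `l/`. The `restore-links` command name is illustrative.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Layout assumed here (the overlay driver's, under <store>/overlay):
//   <home>/<layer-id>/diff   the layer's contents
//   <home>/<layer-id>/link   the short name of its symlink
//   <home>/l/<short-name>    -> ../<layer-id>/diff
const (
	linkDirName  = "l"
	linkFileName = "link"
	diffDirName  = "diff"
)

// restoreLinks recreates home/l/<name> -> ../<id>/diff for every layer under
// home that carries a "link" file, as after a crash that lost the l/ tree.
// Correct links are left alone, wrong or dangling ones are replaced.
// It returns the number of links (re)created.
func restoreLinks(home string) (int, error) {
	lDir := filepath.Join(home, linkDirName)
	if err := os.MkdirAll(lDir, 0700); err != nil {
		return 0, err
	}
	entries, err := os.ReadDir(home)
	if err != nil {
		return 0, err
	}
	restored := 0
	for _, e := range entries {
		if !e.IsDir() || e.Name() == linkDirName {
			continue
		}
		id := e.Name()
		data, err := os.ReadFile(filepath.Join(home, id, linkFileName))
		if os.IsNotExist(err) {
			continue // not a layer directory
		}
		if err != nil {
			return restored, err
		}
		name := strings.TrimSpace(string(data))
		// The link file is store data, not trusted input: refuse anything that
		// would place the symlink outside l/ or clobber l itself.
		if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\x00") {
			return restored, fmt.Errorf("layer %s: invalid link name %q", id, name)
		}
		target := filepath.Join("..", id, diffDirName)
		linkPath := filepath.Join(lDir, name)
		if cur, err := os.Readlink(linkPath); err == nil && cur == target {
			continue // already correct
		}
		if err := os.Remove(linkPath); err != nil && !os.IsNotExist(err) {
			return restored, err
		}
		if err := os.Symlink(target, linkPath); err != nil {
			return restored, err
		}
		restored++
	}
	return restored, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: restore-links <overlay-home>")
		os.Exit(2)
	}
	n, err := restoreLinks(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("restored %d link(s)\n", n)
}
```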
We have a bug report where a user specified a symbolic link to storage
driver. The issue is the physical device is not predictable but the link
is, so evaluating sym links makes the symlink path supportable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We failed to detect char devices as those were not covered by the
`ModeDevice` check. Fix this by using the entire FileMode mask as
suggested by the standard library.
Also change the "unknown file type" error to include the mode to
ease debugging potential regressions in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The vfs driver already has logic that avoids use of the copy package
when we're not on Linux, so provide the same fallback in the copy
package for non-cgo cases.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
if os.[Lc,C]hown are failing with EINVAL, it might be related to a
UID/GID not mapped in the user namespace we are currently using.
It could be possible to detect this issue by inspecting
/proc/self/uid_map or /proc/self/gid_map, but that won't be possible
when we are pulling a new image and extracting it from a chroot where
/proc is not mounted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
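
The commit above treats EINVAL from (l)chown as a sign of an ID that is not mapped in the current user namespace, and notes that /proc/self/uid_map cannot be consulted when extraction happens in a chroot without /proc. The following is an added example for this page, not containers/storage code: an errno-only classification that works in the chroot case, plus a separate uid_map/gid_map parser used only as an optional diagnostic when /proc is readable. `ErrUnmappedID`, the function names and the map content in the test are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// ErrUnmappedID marks a chown failure whose likely cause is a UID or GID
// with no mapping in the current user namespace; the kernel reports that
// case as EINVAL rather than EPERM.
var ErrUnmappedID = errors.New("uid/gid not mapped in the current user namespace")

// classifyChownErr rewrites an EINVAL from (l)chown into ErrUnmappedID and
// leaves every other error untouched. It deliberately does not consult
// /proc/self/uid_map: during image extraction we may be inside a chroot
// where /proc is not mounted, so the errno is the only signal we can rely on.
func classifyChownErr(err error, path string, uid, gid int) error {
	if err == nil {
		return nil
	}
	if errors.Is(err, syscall.EINVAL) {
		return fmt.Errorf("chown %s to %d:%d: %w", path, uid, gid, ErrUnmappedID)
	}
	return err
}

// lchown is os.Lchown with the EINVAL translation applied.
func lchown(path string, uid, gid int) error {
	return classifyChownErr(os.Lchown(path, uid, gid), path, uid, gid)
}

// idMapped parses the content of /proc/self/uid_map (or gid_map), one
// "inner outer count" triple per line, and reports whether id falls inside
// any mapped range. Use it as a diagnostic only when /proc is available.
func idMapped(mapContent string, id uint32) (bool, error) {
	sc := bufio.NewScanner(strings.NewReader(mapContent))
	for sc.Scan() {
		line := sc.Text()
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if len(f) != 3 {
			return false, fmt.Errorf("malformed id map line %q", line)
		}
		inner, err1 := strconv.ParseUint(f[0], 10, 32)
		count, err2 := strconv.ParseUint(f[2], 10, 32)
		if err1 != nil || err2 != nil {
			return false, fmt.Errorf("malformed id map line %q", line)
		}
		if uint64(id) >= inner && uint64(id) < inner+count {
			return true, nil
		}
	}
	return false, sc.Err()
}

// explainUnmapped adds the uid_map diagnostic to an ErrUnmappedID error when
// /proc is readable, and returns err unchanged otherwise (e.g. in a chroot).
func explainUnmapped(err error, uid int) error {
	if !errors.Is(err, ErrUnmappedID) || uid < 0 {
		return err
	}
	data, rerr := os.ReadFile("/proc/self/uid_map")
	if rerr != nil {
		return err
	}
	if ok, perr := idMapped(string(data), uint32(uid)); perr == nil && !ok {
		return fmt.Errorf("%w; uid %d is outside this namespace's uid_map", err, uid)
	}
	return err
}

func main() {
	f, err := os.CreateTemp("", "chown-example")
	if err != nil {
		panic(err)
	}
	defer os.Remove(f.Name())
	f.Close()
	// Constructed target: an ID that a typical rootless namespace does not map.
	const probe = 2000000
	fmt.Println(explainUnmapped(lchown(f.Name(), probe, probe), probe))
}
```

Run as root on the host the probe chown simply succeeds (every ID is mapped), as an unprivileged user it fails with EPERM and is passed through unchanged, and inside a rootless user namespace it fails with EINVAL and is reported as ErrUnmappedID, with the uid_map hint appended only when /proc is there to read.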
When we removed all traces of override_kernel_check, we created a
situation where older configuration files would suddenly start causing
us to emit an error at startup. Soften that to a warning, for now at
least.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make layers based on template layers actually be children of the
template layer, so that we don't need to copy the diff to create them.
Upper layers should be making sure that we don't remove the template
layer before we attempt to remove the new layer.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a CreateFromTemplate() method to graph drivers, and use it instead
of a driver-oblivious diff/put method when we want to create a copy of
an image's top layer that has the same parent and which differs from the
original only in its ID maps.
This lets drivers that can quickly make an independent layer based on
another layer do something smarter than we were doing with the
driver-oblivious method. For some drivers, a native method is
dramatically faster.
Note that the driver needs to be able to do this while still exposing
just one notional layer (i.e., one link in the chain of layers for a
given container) to the higher levels of the APIs, so if the new layer
is actually a child of the template layer, that needs to remain a detail
that's private to the driver.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In the overlay driver, check if metacopy is enabled, and report it along
with other status information.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>