drop the possibility to configure a remapping for all the layers in
the storage.
The feature dates back to the initial fork from Docker, that supported
a single user namespace where all the images were pulled. It was never
used by the container tools since we have a finer control of the user
namespaces.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Allow storage users to split the filesystem of containers vs image
store, `imagestore` if configured will pull images in image storage
instead of the `graphRoot` while keeping the other parts still in the
originally configured `graphRoot`.
overlay: set workdir and upperdir according to splitstore
If splitstore is set `workdir` and `upperdir` must go into the
splitstore i.e `graphRoot`.
Signed-off-by: Aditya R <arajan@redhat.com>
force_mask sets a permission mask used for the new files and
directories.
It is useful for using a NFS share for the rootless storage. It
requires this change in fuse-overlayfs:
https://github.com/containers/fuse-overlayfs/pull/246
[storage]
driver = "overlay"
graphroot = "/mnt/nfs/home/storage"
[storage.options]
size = ""
mountopt = "xattr_permissions=2"
[storage.options.overlay]
force_mask = "0755"
ignore_chown_errors = "true"
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Certain workloads, we would like to eliminate the mounting of containers-storage as private.
Running containers within containers for example.
This looks like it was accidently removed in the past, since there was still partial
implementation.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
automatically pick an empty range and create an user namespace for the
container.
For root containers, it is necessary to specify an entry in
the /etc/subuid and /etc/subgid files to use for picking the range of
available IDs. This is necessary to avoid collisions with IDs used
for rootless containers. This setting is ignored for rootless
containers, since it is not possible to use arbitrary IDs, and the
initial set is always picked by the IDs assigned to the rootless
user.
When using auto userns, a container will use a range of IDs that is
not used by any other container user namespace, also those that are
not using auto userns, this is checked at creation time.
A successive container that doesn't use auto userns feature can still
collide with IDs used by an auto userns container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Overlay and overlay2 drivers are the same, but we
were not procesessing mount options correctly for overlay2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Storage options are really driver specific and it is when distributions set
defaults, they should not effect the user if he changes the default driver.
By moving the storage options to be driver specific, we can make sure all
drivers only document and support their options.
With this patch we will continue to support the global mountopt but the driver
specific version will override the global mountopt.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
it was an attempt to use OSTree to deduplicate files, at the time we
already had a dependency on OSTree for system containers in
containers/image. Since the feature never really took off, let's just
drop it.
Closes: https://github.com/containers/storage/issues/419
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Modified patch of Kevin Pelzel.
Also changed ApplyDiff to take new ApplyDiffOpts Struct.
Signed-off-by: Kevin Pelzel <kevinpelzel22@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Need to access the storage structs in the machine-config
operator code for container runtime configuration but
with it being in store.go, it is pullng in way too many
dependencies. Moving it out to a separate package cuts down
the dependencies by a huge amount.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Giuseppe Scrivano