We now use the golang error wrapping format specifier `%w` instead of the
deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
When cancelling the deferred removal, if the device is already gone,
continue. According to the original logic, if the device does not exist,
an error is reported.
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
Check if the mountpoint is mounted when unmounting it to avoid failure.
If the user manually runs the umount command before it, the function
UnmountDevice returns an error. Although this error does not cause the
container deletion process to fail, because the return value of the
UnmountDevice function is not processed, the ERROR logs in the
log system are misleading.
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
When "docker load $image" and "docker rmi $image" commands are
repeatedly executed in the background, the dockerd daemon process is
killed. As a result, the DM device where the image resides may be
unavailable. The image can be queried, but the container fails to be
run. After function "devices.issueDiscard(info)" is executed and before
function "devices.deleteTransaction(info, syncDelete)" is executed,
dockerd daemon's withdrawal would result in the dm device being
discarded. However, the dm device is not deleted at the same time.
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
Move the "unmount and deactivate" code into a separate method, and
optimize it a bit:
1. Do not use filepath.Walk() as there's no requirement to recursively
go into every directory under home/mnt; a list of directories in mnt
is sufficient. With filepath.Walk(), in case some container will fail
to unmount, it'll go through the whole container filesystem which is
excessive and useless.
2. Do not use GetMounts() and do not check if a directory is mounted;
just unmount it and ignore "not mounted" error. Note the same error
is returned in case of wrong flags set, but as flags are hardcoded
we can safely ignore such a case.
While at it, promote "can't unmount" log level from debug to warning.
[adopted from upstream commit f1a459229724f5e.]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
libdm currently has a fairly substantial DoS bug that makes certain
operations fail on a libdm device if the device has active references
through mountpoints. This is a significant problem with the advent of
mount namespaces and MS_PRIVATE, and can cause certain --volume mounts
to cause libdm to no longer be able to remove containers:
% docker run -d --name testA busybox top
% docker run -d --name testB -v /var/lib/docker:/docker busybox top
% docker rm -f testA
[fails on libdm with dm_task_run errors.]
This also solves the problem of unprivileged users being able to DoS
docker by using unprivileged mount namespaces to preserve mounts that
Docker has dropped.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
[picked from upstream commit: 92e45b81e0a]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This subtle bug keeps lurking in because error checking for `Mkdir()`
and `MkdirAll()` is slightly different wrt `EEXIST`/`IsExist`:
- for `Mkdir()`, `IsExist` error should (usually) be ignored
(unless you want to make sure directory was not there before)
as it means "the destination directory was already there";
- for `MkdirAll()`, `IsExist` error should NEVER be ignored.
This commit removes ignoring the IsExist error, as it should not
be ignored.
For more details, a quote from my opencontainers/runc#162 (July 2015):
-quote-
TL;DR: check for IsExist(err) after a failed MkdirAll() is both
redundant and wrong -- so two reasons to remove it.
Quoting MkdirAll documentation:
MkdirAll creates a directory named path, along with any necessary
parents, and returns nil, or else returns an error. If path
is already a directory, MkdirAll does nothing and returns nil.
This means two things:
1. If a directory to be created already exists, no error is
returned.
2. If the error returned is IsExist (EEXIST), it means there exists
a non-directory with the same name as MkdirAll needs to use for
directory. Example: we want to MkdirAll("a/b"), but file "a"
(or "a/b") already exists, so MkdirAll fails.
The above is a theory, based on quoted documentation and my UNIX
knowledge.
3. In practice, though, current MkdirAll implementation [1] returns
ENOTDIR in most of cases described in #2, with the exception when
there is a race between MkdirAll and someone else creating the
last component of MkdirAll argument as a file. In this very case
MkdirAll() will indeed return EEXIST.
Because of #1, IsExist check after MkdirAll is not needed.
Because of #2 and #3, ignoring IsExist error is just plain wrong,
as directory we require is not created. It's cleaner to report
the error now.
Note this error is all over the tree, I guess due to copy-paste,
or trying to follow the same usage pattern as for Mkdir(),
or some not quite correct examples on the Internet.
[1] https://github.com/golang/go/blob/f9ed2f75/src/os/path.go
-end-quote-
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
With the previous patch, Mount error is now verbose enough
so we don't have to supply all the gory details.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Adjust build tags in drivers and pkg so that builds with CGO_ENABLED=0
won't fail outright. This ends up disabling btrfs (which uses kernel
headers), ostree (which uses libostree), overlayfs (which uses C headers
to define fs_disk_quota_t), and devicemapper (which uses libdevmapper
and loopback) by default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We want to allow tools like podman/buildah to override default storage
container mount options on a container by container basis.
For example if the default mount options for containers/storage include
nodev or nosuid, we want to allow podman to turn these off if the user
specifies --privileged.
We also might want to turn off certain user namespace flags that will cause
buildah and podman build to work slower when creating container images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I believe we should be running container images mounted with nodev by default.
This would eliminate the risk of a device sneaking into the container without
being on the approved list. This would give us the same or potentially additional
security over the device cgroup.
It would be nice if this could be passed in on an image by image basis. So users
could also specify if they want nosuid images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently the code waits 30 seconds before cleaning up deferred deleted
thinpools. This change will cause the cleanup to happen right away and
then will fire every 30 seconds. Note this could cause some slowdown
during startup, if and only if there are leaked devices.
Since this library could be used with non long running daemons like podman
and buildah, it is better to clean up the devices right away.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We do not want to fall back on to loop back devices when setting up
devicemapper. We have decided that this causes too many issues, and
we have an excellent default in Overlay to handle first setup.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Also updates github.com/Microsoft/hcsshim
and github.com/docker/go-connections so they work
with the newer version of logrus.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
An AUFS filesystem doesn't give us the "real" device and inode numbers
of an underlying file when we stat() it, so we'll hit errors trying to
resume use of a pool when that pool is built on loopback devices using
files that live on an AUFS filesystem. Refuse to let ourselves be put
into that situation.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Wrap graphdriver.{ErrNotSupported,ErrPrerequisites,ErrIncompatibleFS}
errors in contexts using github.com/pkg/errors, and dig them out for
comparison using errors.Cause().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We have moved runc/libcontainers selinux support out of libcontainer
into opencontainers/selinux. Switching containers/storage to use
new interfaces.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we walk the directory of mount information, don't try to load
information from the root of the walk, which produces a confusing error
message.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Rename the library module and CLI wrapper.
Rename daemon/graphdriver to drivers.
Catch up vendoring to match modules we've pruned.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>