Skip to content

Commit 2eabcf7

Browse files
mathis-mmathis-m
committed
fix: check for tmpfs when evaluating if userxattr should be used
Signed-off-by: mathis-m <[email protected]>
1 parent 34513f9 commit 2eabcf7

1 file changed

Lines changed: 26 additions & 0 deletions

File tree

snapshots/overlay/overlayutils/check.go

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ import (
2323
"fmt"
2424
"os"
2525
"path/filepath"
26+
"syscall"
2627

2728
kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion"
2829
"github.com/containerd/containerd/log"
@@ -31,6 +32,11 @@ import (
3132
"github.com/containerd/continuity/fs"
3233
)
3334

35+
const (
36+
// see https://man7.org/linux/man-pages/man2/statfs.2.html
37+
tmpfsMagic = 0x01021994
38+
)
39+
3440
// SupportsMultipleLowerDir checks if the system supports multiple lowerdirs,
3541
// which is required for the overlay snapshotter. On 4.x kernels, multiple lowerdirs
3642
// are always available (so this check isn't needed), and backported to RHEL and
@@ -88,6 +94,21 @@ func Supported(root string) error {
8894
return SupportsMultipleLowerDir(root)
8995
}
9096

97+
// IsPathOnTmpfs returns whether the path is on a tmpfs or not.
98+
//
99+
// It uses statfs to check if the fs type is TMPFS_MAGIC (0x01021994)
100+
// see https://man7.org/linux/man-pages/man2/statfs.2.html
101+
func IsPathOnTmpfs(d string) bool {
102+
stat := syscall.Statfs_t{}
103+
err := syscall.Statfs(d, &stat)
104+
if err != nil {
105+
log.L.WithError(err).Warnf("Could not retrieve statfs for %v", d)
106+
return false
107+
}
108+
109+
return stat.Type == tmpfsMagic
110+
}
111+
91112
// NeedsUserXAttr returns whether overlayfs should be mounted with the "userxattr" mount option.
92113
//
93114
// The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11.
@@ -114,6 +135,11 @@ func NeedsUserXAttr(d string) (bool, error) {
114135
return false, nil
115136
}
116137

138+
// userxattr not permitted on tmpfs https://man7.org/linux/man-pages/man5/tmpfs.5.html
139+
if IsPathOnTmpfs(d) {
140+
return false, nil
141+
}
142+
117143
// Fast path on kernels >= 5.11
118144
//
119145
// Keep in mind that distro vendors might be going to backport the patch to older kernels

0 commit comments

Comments
 (0)