[WIP] allow user namespace remapping using snapshotters by liaojh1998 · Pull Request #3885 · containerd/containerd

liaojh1998 · 2019-12-12T06:15:59Z

There's a big overhead from using Lchown for user namespace remapping. The overhead can be reduced from using fuse-overlayfs's dynamic remapping through mounting. This commit will allow fuse-overlayfs snapshotter to do the remapping instead.

To be used in conjunction with #3765, and
containerd/fuse-overlayfs-snapshotter#5.

Related issue #3841.

Signed-off-by: Jie Hao Liao [email protected]

cc @AkihiroSuda

Please let me know what's the best way to test this and if any checks are needed.

theopenlab-ci · 2019-12-12T06:21:05Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 4m 26s (non-voting)

AkihiroSuda · 2019-12-12T06:25:57Z

thanks for working on this 👍

codecov-io · 2019-12-12T06:40:54Z

Codecov Report

Merging #3885 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3885      +/-   ##
==========================================
- Coverage   42.33%   42.32%   -0.02%     
==========================================
  Files         130      130              
  Lines       14678    14678              
==========================================
- Hits         6214     6212       -2     
- Misses       7539     7540       +1     
- Partials      925      926       +1

Flag	Coverage Δ
#linux	`45.74% <ø> (-0.02%)`	⬇️
#windows	`37.8% <ø> (ø)`	⬆️

Impacted Files	Coverage Δ
snapshots/btrfs/btrfs.go	`57.39% <0%> (-0.9%)`	⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f01665a...e31e63a. Read the comment docs.

liaojh1998 · 2019-12-12T08:10:20Z

TODO: Add test for "snapshotter"

@AkihiroSuda would this be important?

Signed-off-by: Jie Hao Liao <[email protected]>

liaojh1998 · 2019-12-12T08:27:07Z

Added typedef for remapper.

AkihiroSuda

Hardcoding 65535 isn't correct, but can be worked out later.
LGTM.

theopenlab-ci · 2019-12-12T08:30:47Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 4m 09s (non-voting)

liaojh1998 · 2019-12-12T08:30:47Z

Okay, I'll modify that when we use multiple remappings.

dmcgowan · 2020-01-06T18:51:30Z

 			}
 		}
-		mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", parent)
+		mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", parent, opts...)


This doesn't seem necessary if the snapshotter is supporting the mapping. I think a better approach would be to leave the remapping functions alone and just provide a helper which can set the labels and just use WithNewSnapshot

Okay. I'm thinking of an implementation that uses a switch statement in WithRemappedSnapshot() and WithRemappedSnapshotView() to call WithNewSnapshot() based on the remapper. Would this be a better approach or should I leave all of the remapping functions alone?

cc @AkihiroSuda

ping @dmcgowan

AkihiroSuda · 2020-01-15T03:17:20Z

ping @liaojh1998

AkihiroSuda · 2020-02-06T07:23:17Z

@dmcgowan PTAL?

AkihiroSuda · 2020-02-25T02:32:27Z

@liaojh1998

I'm thinking of an implementation that uses a switch statement in WithRemappedSnapshot() and WithRemappedSnapshotView() to call WithNewSnapshot() based on the remapper. Would this be a better approach or should I leave all of the remapping functions alone?

I think that is fine, could you update PR?

liaojh1998 · 2020-02-25T09:34:58Z

Okay, I'll make an update around this weekend.

estesp · 2020-03-25T14:05:50Z

@liaojh1998 will you have time soon to update this PR? Would be good to get this in

AkihiroSuda · 2020-04-08T20:57:09Z

@liaojh1998 Are you still interested in this?

AkihiroSuda · 2020-05-11T08:40:12Z

@dmcgowan @estesp Can we get this in v1.4? (beta2?)

dmcgowan · 2020-06-25T19:47:44Z

Carried in #4259

liaojh1998 mentioned this pull request Dec 12, 2019

add user namespace remapping through Labels containerd/fuse-overlayfs-snapshotter#5

Merged

liaojh1998 mentioned this pull request Dec 12, 2019

Reduce chown overhead by adding support for FUSE-OverlayFS #3841

Closed

AkihiroSuda reviewed Dec 12, 2019

View reviewed changes

Comment thread container_opts_unix.go Outdated

AkihiroSuda mentioned this pull request Dec 12, 2019

mount: support FUSE helper #3765

Merged

liaojh1998 commented Dec 12, 2019

View reviewed changes

allow user namespace remapping using snapshotters

1b607f9

Signed-off-by: Jie Hao Liao <[email protected]>

liaojh1998 force-pushed the fuse-overlayfs branch from e31e63a to 1b607f9 Compare December 12, 2019 08:25

liaojh1998 changed the title ~~[WIP] allow user namespace remapping using fuse-overlayfs~~ [WIP] allow user namespace remapping using snapshotters Dec 12, 2019

AkihiroSuda approved these changes Dec 12, 2019

View reviewed changes

liaojh1998 changed the title ~~[WIP] allow user namespace remapping using snapshotters~~ allow user namespace remapping using snapshotters Dec 12, 2019

dmcgowan reviewed Jan 6, 2020

View reviewed changes

liaojh1998 changed the title ~~allow user namespace remapping using snapshotters~~ WIP: allow user namespace remapping using snapshotters Jan 15, 2020

liaojh1998 changed the title ~~WIP: allow user namespace remapping using snapshotters~~ [WIP] allow user namespace remapping using snapshotters Jan 15, 2020

estesp mentioned this pull request May 15, 2020

Support helpers for label-based userns remapping #4259

Merged

dmcgowan closed this Jun 25, 2020

Conversation

liaojh1998 commented Dec 12, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

theopenlab-ci Bot commented Dec 12, 2019

Uh oh!

Uh oh!

AkihiroSuda commented Dec 12, 2019

Uh oh!

codecov-io commented Dec 12, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

liaojh1998 Dec 12, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

liaojh1998 Dec 12, 2019

Choose a reason for hiding this comment

Uh oh!

liaojh1998 commented Dec 12, 2019

Uh oh!

AkihiroSuda left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

theopenlab-ci Bot commented Dec 12, 2019

Uh oh!

liaojh1998 commented Dec 12, 2019

Uh oh!

dmcgowan Jan 6, 2020

Choose a reason for hiding this comment

Uh oh!

liaojh1998 Jan 15, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

liaojh1998 Jan 23, 2020

Choose a reason for hiding this comment

Uh oh!

AkihiroSuda commented Jan 15, 2020

Uh oh!

AkihiroSuda commented Feb 6, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

liaojh1998 commented Feb 25, 2020

Uh oh!

estesp commented Mar 25, 2020

Uh oh!

AkihiroSuda commented Apr 8, 2020

Uh oh!

AkihiroSuda commented May 11, 2020

Uh oh!

dmcgowan commented Jun 25, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

liaojh1998 commented Dec 12, 2019 •

edited

Loading

codecov-io commented Dec 12, 2019 •

edited

Loading

liaojh1998 Dec 12, 2019 •

edited

Loading

AkihiroSuda left a comment •

edited

Loading

liaojh1998 Jan 15, 2020 •

edited

Loading