pkg/archive: support overlayfs in userns (Ubuntu kernel only)#38038
pkg/archive: support overlayfs in userns (Ubuntu kernel only)#38038vdemeester merged 3 commits intomoby:masterfrom
Conversation
|
also cc @dhiltonp |
AkihiroSuda
force-pushed
the
ubuntu-overlayfs
branch
2 times, most recently
from
4c2473f to
90ea528
Compare
|
Looks good @AkihiroSuda; windows CI failure looks to be a teardown test flake; unrelated to changes |
cpuguy83
left a comment
cpuguy83
left a comment
There was a problem hiding this comment.
I haven't validated this yet, but just a minor comment on the code.
pkg/archive/archive_linux.go
Outdated
There was a problem hiding this comment.
Instead of the if/else here, could we have a wrapper for the userns case that catches the error and handles accordingly?
There was a problem hiding this comment.
Could you be more specific?
There was a problem hiding this comment.
I was thinking we could just wrap ConverRead with something like if err := c.wrapped.ConvertRead(...); err != nil && c.isInUserNS {...}
But looking back now, I think that may not be all that clean.
|
/cc @dmcgowan @tonistiigi |
AkihiroSuda
force-pushed
the
ubuntu-overlayfs
branch
from
90ea528 to
d73c7ff
Compare
Codecov Report
@@ Coverage Diff @@
## master #38038 +/- ##
=========================================
Coverage ? 36.53%
=========================================
Files ? 610
Lines ? 45371
Branches ? 0
=========================================
Hits ? 16575
Misses ? 26467
Partials ? 2329 |
pkg/archive/archive_linux.go
Outdated
There was a problem hiding this comment.
(only glancing over the code); It's not an exported function, so not a big deal; just thinking if it would be cleaner to pass the options struct, instead of adding a boolean
There was a problem hiding this comment.
What would be other fields of options?
There was a problem hiding this comment.
not sure 😅 . My train of thought was that in case more options appeared in future, we didn't have to change the signature
|
ping @cpuguy83 @dmcgowan @tonistiigi PTAL |
|
This seems sane. Is there a good way we can add this to the test suite? |
|
As this is Ubuntu-specific and planned to be deprecated in favor of containerd overlay snapshotter, I think manual testing is ok for now |
|
IMO, if it's not worth adding tests for it's not worth merging. |
AkihiroSuda
force-pushed
the
ubuntu-overlayfs
branch
from
d73c7ff to
cfb4b0b
Compare
|
Added The test passed locally on Ubuntu 18.04.1, kernel |
|
The PR now contains commit from #38292 so that the PR can be tested on recent kernels. |
pkg/archive/archive_unix_test.go
Outdated
There was a problem hiding this comment.
I'm sure I don't know what this is doing, but why do we mention v3 and set 2 here, and then check 2 later?
There was a problem hiding this comment.
2 is just a filename and had nothing to do with the version
Ubuntu kernel supports overlayfs in user namespaces. However, Docker had previously crafting overlay opaques directly using mknod(2) and setxattr(2), which are not supported in userns. Tested with LXD, Ubuntu 18.04, kernel 4.15.0-36-generic moby#39-Ubuntu. Signed-off-by: Akihiro Suda <[email protected]>
`rootlesskit go test ./pkg/archive` now succeeds Signed-off-by: Akihiro Suda <[email protected]>
Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda
force-pushed
the
ubuntu-overlayfs
branch
from
cfb4b0b to
ec153cc
Compare
|
@cpuguy83 @tonistiigi @dmcgowan mergeable? |
|
@dmcgowan let us know if there's any changes needed after-the-fact 🤗 |
9 participants
Signed-off-by: Akihiro Suda [email protected]
- What I did
Ubuntu kernel supports overlayfs in user namespaces.
However, Docker had previously crafting overlay opaques directly
using
mknod(2)andsetxattr(2), which are not supported in userns.This PR allows
pkg/archiveto craft opaques by creating overlayfs rather thanmknod/setxattr.Tested with LXD, Ubuntu 18.04, kernel
4.15.0-36-generic #39-Ubuntu.Cherry-picked from Usernetes patch set: https://github.com/rootless-containers/usernetes
- How I did it
mknod c 0 0:
lower,upper,merged,worklower/dummymerged/dummyupper/dummymkdir with
trusted.overlay.opaquexattr:lower,upper,merged,worklower/dummymerged/dummymerged/dummytrusted.overlay.opaquexattr is ready asupper/dummy- How to verify it
docker info)docker pull ubuntuWithout patch,
docker pull ubuntufails as follows:- Description for the changelog
pkg/archive: support overlayfs in userns (Ubuntu kernel only)
- A picture of a cute animal (not mandatory but encouraged)
🐧