From 5af8d89cea78cb71dfb717b1c2819ee2563fa4cd Mon Sep 17 00:00:00 2001 From: Danny Canter Date: Mon, 31 Oct 2022 17:09:09 -0700 Subject: [PATCH] overlayutils: Add fastpath for userxattr check Cleaning up TODO's. If we're on >= 5.11 we need userxattr so check the kernel version to skip the manual check via mounting. It feels odd to use contrib/seccomp here but the alternative is pulling that kernel parsing code out into the main pkgs. Another is using the moby parser but that's in moby/moby which is also a dep we don't want here.. Signed-off-by: Danny Canter (cherry picked from commit 4b2a23e7ea4bd324aa345b4b5ffbba638d3b9d81) Signed-off-by: Danny Canter --- snapshots/overlay/overlayutils/check.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/snapshots/overlay/overlayutils/check.go b/snapshots/overlay/overlayutils/check.go index c5b93fc57679..2faaea35f95a 100644 --- a/snapshots/overlay/overlayutils/check.go +++ b/snapshots/overlay/overlayutils/check.go @@ -24,6 +24,7 @@ import ( "os" "path/filepath" + kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/pkg/userns" @@ -113,10 +114,14 @@ func NeedsUserXAttr(d string) (bool, error) { return false, nil } - // TODO: add fast path for kernel >= 5.11 . + // Fast path on kernels >= 5.11 // - // Keep in mind that distro vendors might be going to backport the patch to older kernels. - // So we can't completely remove the check. + // Keep in mind that distro vendors might be going to backport the patch to older kernels + // so we can't completely remove the "slow path". + fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11} + if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok { + return true, nil + } tdRoot := filepath.Join(d, "userxattr-check") if err := os.RemoveAll(tdRoot); err != nil {