From 3595dd04b0ee7c0b84f98bf0634ff9166440f514 Mon Sep 17 00:00:00 2001
From: mathis-m
Date: Wed, 7 Dec 2022 18:55:38 +0100
Subject: [PATCH] fix: check for tmpfs when evaluating if userxattr should be used

Signed-off-by: mathis-m
(cherry picked from commit 2eabcf7026816c46cfc5be03402716138f4c3332)
Signed-off-by: Akihiro Suda
---
 snapshots/overlay/overlayutils/check.go | 26 +++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/snapshots/overlay/overlayutils/check.go b/snapshots/overlay/overlayutils/check.go
index 2faaea35f95a..17e7547feb97 100644
--- a/snapshots/overlay/overlayutils/check.go
+++ b/snapshots/overlay/overlayutils/check.go
@@ -23,6 +23,7 @@ import (
 "fmt"
 "os"
 "path/filepath"
+ "syscall"

 kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion"
 "github.com/containerd/containerd/log"
@@ -31,6 +32,11 @@ import (
 "github.com/containerd/continuity/fs"
 )

+const (
+ // see https://man7.org/linux/man-pages/man2/statfs.2.html
+ tmpfsMagic = 0x01021994
+)
+
 // SupportsMultipleLowerDir checks if the system supports multiple lowerdirs,
 // which is required for the overlay snapshotter. On 4.x kernels, multiple lowerdirs
 // are always available (so this check isn't needed), and backported to RHEL and
@@ -88,6 +94,21 @@ func Supported(root string) error {
 return SupportsMultipleLowerDir(root)
 }

+// IsPathOnTmpfs returns whether the path is on a tmpfs or not.
+//
+// It uses statfs to check if the fs type is TMPFS_MAGIC (0x01021994)
+// see https://man7.org/linux/man-pages/man2/statfs.2.html
+func IsPathOnTmpfs(d string) bool {
+ stat := syscall.Statfs_t{}
+ err := syscall.Statfs(d, &stat)
+ if err != nil {
+ log.L.WithError(err).Warnf("Could not retrieve statfs for %v", d)
+ return false
+ }
+
+ return stat.Type == tmpfsMagic
+}
+
 // NeedsUserXAttr returns whether overlayfs should be mounted with the "userxattr" mount option.
 //
 // The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11.
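Review bot: The hand-copied `tmpfsMagic = 0x01021994` and the frozen `syscall` package duplicate what `golang.org/x/sys/unix` already exports as `unix.TMPFS_MAGIC`, `unix.Statfs` and `unix.Statfs_t`. If that module is already a dependency of this package (the import block is only partly visible here), I would drop the const block and compare with `stat.Type == unix.TMPFS_MAGIC` in `IsPathOnTmpfs`. If the literal stays, a single `const tmpfsMagic = 0x01021994 // TMPFS_MAGIC, see statfs(2)` reads better than a one-entry parenthesised group.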
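Review bot: `IsPathOnTmpfs` turns a failed `statfs` into `false`, so a caller cannot tell "not tmpfs" from "could not check". In `NeedsUserXAttr` (the `@@ -114,6 +135,11 @@` hunk) a missing or unreadable `d` therefore falls through to the kernel-version fast path as if the tmpfs check had passed. The function is newly exported and its only visible caller already returns an error, so I would return `(bool, error)`, wrap the errno with the path formatted via `%q` instead of `%v`, and say in the doc comment what a failure yields. Whether `NeedsUserXAttr` should then fail or only log depends on code outside these hunks.

```go
func IsPathOnTmpfs(d string) (bool, error) {
	stat := syscall.Statfs_t{}
	if err := syscall.Statfs(d, &stat); err != nil {
		return false, fmt.Errorf("statfs %q: %w", d, err)
	}
	return stat.Type == tmpfsMagic, nil
}

// … in NeedsUserXAttr, replacing the added tmpfs check …
	if onTmpfs, err := IsPathOnTmpfs(d); err != nil {
		return false, err
	} else if onTmpfs {
		return false, nil
	}
```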
@@ -114,6 +135,11 @@ func NeedsUserXAttr(d string) (bool, error) {
 return false, nil
 }

+ // userxattr not permitted on tmpfs https://man7.org/linux/man-pages/man5/tmpfs.5.html
+ if IsPathOnTmpfs(d) {
+ return false, nil
+ }
+
 // Fast path on kernels >= 5.11
 //
 // Keep in mind that distro vendors might be going to backport the patch to older kernels
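Review bot: The new early return changes what `NeedsUserXAttr` promises, but the part of its doc comment visible in the previous hunk still describes only the user-namespace and kernel >= 5.11 conditions. Add a sentence there such as `// It returns false when d is on tmpfs, because tmpfs does not permit the userxattr option.` The branch also returns silently; a `log.L.Debugf("%q is on tmpfs, not using userxattr", d)` before `return false, nil` would let an operator see why the option was skipped. The body of `NeedsUserXAttr` starts and ends outside this hunk, so how the check interacts with the later probing code could not be verified from here.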