Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

overlay: use idmapped lower layers where supported #1180

Merged
merged 1 commit into from Apr 12, 2022

Conversation

giuseppe
Copy link
Member

use idmapped mounts for the overlay lower layers when the kernel
supports them.

For each lower directory with ID=0...N-1, it creates a idmapped mount
at $GRAPHROOT/overlay/$LAYER/mapped/$ID. The final overlay mount will
use these idmapped mounts instead of the original source directory.

The upperdir is not idmapped, so files are created with the same
IDs used by the user namespace.

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

@giuseppe giuseppe force-pushed the idmapped-overlay-lower-layers branch from 557c051 to 5be1290 Compare March 29, 2022 10:49
@giuseppe
Copy link
Member Author

@giuseppe giuseppe force-pushed the idmapped-overlay-lower-layers branch 13 times, most recently from 57b55cc to 8700893 Compare March 30, 2022 13:05
@giuseppe giuseppe changed the title [WIP] overlay: use idmapped lower layers where supported overlay: use idmapped lower layers where supported Apr 6, 2022
@giuseppe giuseppe marked this pull request as ready for review April 6, 2022 14:43
workDir := filepath.Join(layerDir, "work")

defer func() {
_ = unix.Unmount(mergedDir, unix.MNT_DETACH)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this defer be lower down at least for the Umount.

for _, m := range idmap {
mappings = mappings + fmt.Sprintf("%d %d %d\n", m.ContainerID, m.HostID, m.Size)
}
if err := ioutil.WriteFile(fmt.Sprintf("/proc/%d/%s", pid, fname), []byte(mappings), 0600); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should just return ioutil.WriteFile()

} else {
logrus.Debugf("Cached value indicated that overlay is not supported")
}
if !overlayCacheResult {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for this check if, just move return false below after Debugf line above.

@giuseppe giuseppe force-pushed the idmapped-overlay-lower-layers branch from 8700893 to 9fe4a9a Compare April 6, 2022 19:26
@giuseppe
Copy link
Member Author

giuseppe commented Apr 6, 2022

thanks for the review.

I've addressed the comments and pushed a new version

// MOUNT_ATTR__ATIME - Setting on how atime should be updated
MOUNT_ATTR__ATIME = 0x00000070 //nolint:golint
// MOUNT_ATTR_RELATIME - Update atime relative to mtime/ctime
MOUNT_ATTR_RELATIME = 0x00000000 //nolint:golint
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick question is this one correct? No bits set?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it is correct:

$ grep MOUNT_ATTR_RELATIME /usr/include/linux/mount.h
#define MOUNT_ATTR_RELATIME	0x00000000 /* - Update atime relative to mtime/ctime. */

I am not sure if we should add all of these (added for completeness) and if they should be public.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use them from here?
grep -r MOUNT_ATTR_NODEV .
./vendor/golang.org/x/sys/unix/zerrors_linux.go: MOUNT_ATTR_NODEV = 0x4

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've dropped the ones not used by the module and made the other 3 private

use idmapped mounts for the overlay lower layers when the kernel
supports them.

For each lower directory with ID=0...N-1, it creates a idmapped mount
at $GRAPHROOT/overlay/$LAYER/mapped/$ID.  The final overlay mount will
use these idmapped mounts instead of the original source directory.

The upperdir is not idmapped, so files are created with the same
IDs used by the user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the idmapped-overlay-lower-layers branch from 8dff045 to b9b8a59 Compare April 8, 2022 14:56
@rhatdan
Copy link
Member

rhatdan commented Apr 10, 2022

LGTM

@rhatdan
Copy link
Member

rhatdan commented Apr 11, 2022

@nalind @vrothberg @saschagrunert PTAL

Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants