overlayutils: Add fastpath for userxattr check
Cleaning up TODO's. If we're on >= 5.11 we need userxattr so check the kernel version to skip the manual check via mounting. It feels odd to use contrib/seccomp here but the alternative is pulling that kernel parsing code out into the main pkgs. Another is using the moby parser but that's in moby/moby which is also a dep we don't want here.. Signed-off-by: Danny Canter <danny@dcantah.dev>
This commit is contained in:
Danny Canter
parent
8167751f56
commit
4b2a23e7ea
@ -24,6 +24,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
|
kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion"
|
||||||
"github.com/containerd/containerd/log"
|
"github.com/containerd/containerd/log"
|
||||||
"github.com/containerd/containerd/mount"
|
"github.com/containerd/containerd/mount"
|
||||||
"github.com/containerd/containerd/pkg/userns"
|
"github.com/containerd/containerd/pkg/userns"
|
||||||
@ -113,10 +114,14 @@ func NeedsUserXAttr(d string) (bool, error) {
|
|||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: add fast path for kernel >= 5.11 .
|
// Fast path on kernels >= 5.11
|
||||||
//
|
//
|
||||||
// Keep in mind that distro vendors might be going to backport the patch to older kernels.
|
// Keep in mind that distro vendors might be going to backport the patch to older kernels
|
||||||
// So we can't completely remove the check.
|
// so we can't completely remove the "slow path".
|
||||||
|
fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11}
|
||||||
|
if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
|
||||||
tdRoot := filepath.Join(d, "userxattr-check")
|
tdRoot := filepath.Join(d, "userxattr-check")
|
||||||
if err := os.RemoveAll(tdRoot); err != nil {
|
if err := os.RemoveAll(tdRoot); err != nil {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user