github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

overlayutils: Add fastpath for userxattr check

Browse Source 
Cleaning up TODO's. If we're on >= 5.11 we need userxattr so check
the kernel version to skip the manual check via mounting. It feels
odd to use contrib/seccomp here but the alternative is pulling that
kernel parsing code out into the main pkgs. Another is using the moby
parser but that's in moby/moby which is also a dep we don't want here..

Signed-off-by: Danny Canter <danny@dcantah.dev>
This commit is contained in:
Danny Canter
2022-10-31 17:09:09 -07:00
parent 8167751f56
commit 4b2a23e7ea
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
snapshots/overlay/overlayutils/check.go
View File

@@ -24,6 +24,7 @@ import (
"os"
"path/filepath"
kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion"
"github.com/containerd/containerd/log"
"github.com/containerd/containerd/mount"
"github.com/containerd/containerd/pkg/userns"
@@ -113,10 +114,14 @@ func NeedsUserXAttr(d string) (bool, error) {
return false, nil
}
// TODO: add fast path for kernel >= 5.11 .
// Fast path on kernels >= 5.11
//
// Keep in mind that distro vendors might be going to backport the patch to older kernels.
// So we can't completely remove the check.
// Keep in mind that distro vendors might be going to backport the patch to older kernels
// so we can't completely remove the "slow path".
fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11}
if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok {
return true, nil
}
tdRoot := filepath.Join(d, "userxattr-check")
if err := os.RemoveAll(tdRoot); err != nil {