github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

apply: use naive applier when running in UserNS

Browse Source 
`OverlayConvertWhiteout` calls `mknod c 0 0` which is not allowed when
running in a user namespace, even in Ubuntu kernel.

Although there is an alternative hacky way to create whiteouts without
calling mknod as Moby `overlay2` actually does(see #3762), let's use
naive applier when running in UserNS and call it a day.

Close #3762

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2019-10-19 19:45:09 +09:00
parent 4523ab734a
commit c224edc5c6
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
diff/apply/apply_linux.go
View File

@ -26,12 +26,18 @@ import (
"github.com/containerd/containerd/archive" "github.com/containerd/containerd/archive"
"github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/mount" "github.com/containerd/containerd/mount"
"github.com/opencontainers/runc/libcontainer/system"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
func apply(ctx context.Context, mounts []mount.Mount, r io.Reader) error { func apply(ctx context.Context, mounts []mount.Mount, r io.Reader) error {
switch { switch {
case len(mounts) == 1 && mounts[0].Type == "overlay": case len(mounts) == 1 && mounts[0].Type == "overlay":
// OverlayConvertWhiteout (mknod c 0 0) doesn't work in userns.
// https://github.com/containerd/containerd/issues/3762
if system.RunningInUserNS() {
break
}
path, parents, err := getOverlayPath(mounts[0].Options) path, parents, err := getOverlayPath(mounts[0].Options)
if err != nil { if err != nil {
if errdefs.IsInvalidArgument(err) { if errdefs.IsInvalidArgument(err) {