From e1adfaeb921fce7e8098b6b43d24253597a68cf7 Mon Sep 17 00:00:00 2001
From: Rodrigo Campos <rodrigoca@microsoft.com>
Date: Thu, 4 Jul 2024 18:04:12 +0200
Subject: [PATCH] script/setup/config-containerd: Use slow_chown

slow_chown is safe to add on all kernels, and when running in old
kernels (as some CI distros on purpose are), we want the expensive
fallback.

Vagrant setup and others use this script to config containerd. This
fixes userns tests with runc 1.2.0-rc.2 when running with old kernels.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
---
 script/setup/config-containerd | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/script/setup/config-containerd b/script/setup/config-containerd
index 945172a5a..cd1a20437 100755
--- a/script/setup/config-containerd
+++ b/script/setup/config-containerd
@@ -30,6 +30,15 @@ mkdir -p /etc/containerd
 
 cat << EOF | sudo tee /etc/containerd/config.toml
 version = 2
+
+[plugins."io.containerd.snapshotter.v1.overlayfs"]
+# slow_chown is needed to avoid an error with kernel < 5.19:
+# > "snapshotter \"overlayfs\" doesn't support idmap mounts on this host,
+# > configure \`slow_chown\` to allow a slower and expensive fallback"
+# https://github.com/containerd/containerd/pull/9920#issuecomment-1978901454
+# This is safely ignored for kernel >= 5.19.
+slow_chown = true
+
 [plugins]
   [plugins."io.containerd.grpc.v1.cri"]
     enable_selinux = ${enable_selinux}