github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

snapshotter: support "remap-ids" capability for overlayfs

Browse Source 
Previously remapping of a snapshotter has been done using
recursive chown.

Commit
31a6449734 added a support
for "remap-ids" capability which allows snapshotter internals do
remappings in case of idmapped mounts support to avoid recursive
chown and creating a new remapped snapshot.

Signed-off-by: Ilya Hanov <ilya.hanov@huawei-partners.com>
This commit is contained in:
Ilya Hanov
2023-04-19 17:32:57 +08:00
parent 817391989f
commit e8ddf669f5
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
snapshots/overlay/overlay.go
View File

@@ -46,6 +46,7 @@ type SnapshotterConfig struct {
upperdirLabel bool upperdirLabel bool
ms MetaStore ms MetaStore
mountOptions []string mountOptions []string
remapIds bool
} }
// Opt is an option to configure the overlay snapshotter // Opt is an option to configure the overlay snapshotter
@@ -93,12 +94,18 @@ func WithMetaStore(ms MetaStore) Opt {
} }
} }
func WithRemapIds(config *SnapshotterConfig) error {
config.remapIds = true
return nil
}
type snapshotter struct { type snapshotter struct {
root string root string
ms MetaStore ms MetaStore
asyncRemove bool asyncRemove bool
upperdirLabel bool upperdirLabel bool
options []string options []string
remapIds bool
} }
// NewSnapshotter returns a Snapshotter which uses overlayfs. The overlayfs // NewSnapshotter returns a Snapshotter which uses overlayfs. The overlayfs
@@ -154,6 +161,7 @@ func NewSnapshotter(root string, opts ...Opt) (snapshots.Snapshotter, error) {
asyncRemove: config.asyncRemove, asyncRemove: config.asyncRemove,
upperdirLabel: config.upperdirLabel, upperdirLabel: config.upperdirLabel,
options: config.mountOptions, options: config.mountOptions,
remapIds: config.remapIds,
}, nil }, nil
} }

11
snapshots/overlay/overlayutils/check.go
View File

@@ -198,3 +198,14 @@ func NeedsUserXAttr(d string) (bool, error) {
} }
return true, nil return true, nil
} }
// SupportsIDMappedMounts tells if this kernel supports idmapped mounts for overlayfs
// or not.
func SupportsIDMappedMounts() (bool, error) {
// Fast path
fiveDotNineteen := kernel.KernelVersion{Kernel: 5, Major: 19}
if ok, err := kernel.GreaterEqualThan(fiveDotNineteen); err == nil && ok {
return true, nil
}
return false, nil
}

9
snapshots/overlay/plugin/plugin.go
View File

@@ -24,6 +24,11 @@ import (
"github.com/containerd/containerd/platforms" "github.com/containerd/containerd/platforms"
"github.com/containerd/containerd/plugin" "github.com/containerd/containerd/plugin"
"github.com/containerd/containerd/snapshots/overlay" "github.com/containerd/containerd/snapshots/overlay"
"github.com/containerd/containerd/snapshots/overlay/overlayutils"
)
const (
capaRemapIds = "remap-ids"
) )
// Config represents configuration for the overlay plugin. // Config represents configuration for the overlay plugin.
@@ -66,6 +71,10 @@ func init() {
if len(config.MountOptions) > 0 { if len(config.MountOptions) > 0 {
oOpts = append(oOpts, overlay.WithMountOptions(config.MountOptions)) oOpts = append(oOpts, overlay.WithMountOptions(config.MountOptions))
} }
if ok, err := overlayutils.SupportsIDMappedMounts(); err == nil && ok {
oOpts = append(oOpts, overlay.WithRemapIds)
ic.Meta.Capabilities = append(ic.Meta.Capabilities, capaRemapIds)
}
ic.Meta.Exports["root"] = root ic.Meta.Exports["root"] = root
return overlay.NewSnapshotter(root, oOpts...) return overlay.NewSnapshotter(root, oOpts...)