snapshotter: support "remap-ids" capability for overlayfs

Previously remapping of a snapshotter has been done using recursive chown. Commit 31a6449734 added a support for "remap-ids" capability which allows snapshotter internals do remappings in case of idmapped mounts support to avoid recursive chown and creating a new remapped snapshot. Signed-off-by: Ilya Hanov <ilya.hanov@huawei-partners.com>
2023-04-19 17:32:57 +08:00 · 2023-04-19 17:32:57 +08:00 · e8ddf669f5
commit e8ddf669f5
parent 817391989f
3 changed files with 28 additions and 0 deletions
--- a/snapshots/overlay/overlay.go
+++ b/snapshots/overlay/overlay.go
@ -46,6 +46,7 @@ type SnapshotterConfig struct {
 	upperdirLabel bool
 	ms            MetaStore
 	mountOptions  []string
+	remapIds      bool
 }

 // Opt is an option to configure the overlay snapshotter
@ -93,12 +94,18 @@ func WithMetaStore(ms MetaStore) Opt {
 	}
 }

+func WithRemapIds(config *SnapshotterConfig) error {
+	config.remapIds = true
+	return nil
+}
+
 type snapshotter struct {
 	root          string
 	ms            MetaStore
 	asyncRemove   bool
 	upperdirLabel bool
 	options       []string
+	remapIds      bool
 }

 // NewSnapshotter returns a Snapshotter which uses overlayfs. The overlayfs
@ -154,6 +161,7 @@ func NewSnapshotter(root string, opts ...Opt) (snapshots.Snapshotter, error) {
 		asyncRemove:   config.asyncRemove,
 		upperdirLabel: config.upperdirLabel,
 		options:       config.mountOptions,
+		remapIds:      config.remapIds,
 	}, nil
 }

--- a/snapshots/overlay/overlayutils/check.go
+++ b/snapshots/overlay/overlayutils/check.go
@ -198,3 +198,14 @@ func NeedsUserXAttr(d string) (bool, error) {
 	}
 	return true, nil
 }
+
+// SupportsIDMappedMounts tells if this kernel supports idmapped mounts for overlayfs
+// or not.
+func SupportsIDMappedMounts() (bool, error) {
+	// Fast path
+	fiveDotNineteen := kernel.KernelVersion{Kernel: 5, Major: 19}
+	if ok, err := kernel.GreaterEqualThan(fiveDotNineteen); err == nil && ok {
+		return true, nil
+	}
+	return false, nil
+}
--- a/snapshots/overlay/plugin/plugin.go
+++ b/snapshots/overlay/plugin/plugin.go
@ -24,6 +24,11 @@ import (
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/snapshots/overlay"
+	"github.com/containerd/containerd/snapshots/overlay/overlayutils"
+)
+
+const (
+	capaRemapIds = "remap-ids"
 )

 // Config represents configuration for the overlay plugin.
@ -66,6 +71,10 @@ func init() {
 			if len(config.MountOptions) > 0 {
 				oOpts = append(oOpts, overlay.WithMountOptions(config.MountOptions))
 			}
+			if ok, err := overlayutils.SupportsIDMappedMounts(); err == nil && ok {
+				oOpts = append(oOpts, overlay.WithRemapIds)
+				ic.Meta.Capabilities = append(ic.Meta.Capabilities, capaRemapIds)
+			}

 			ic.Meta.Exports["root"] = root
 			return overlay.NewSnapshotter(root, oOpts...)