As opposed to a writable layer derived from a base layer, the volume
path of a base layer, once activated and prepared will not be a WCIFS
volume, but the actual path on disk to the snapshot. We cannot directly
mount this folder, as that would mean a client may gain access and
potentially damage important metadata files that would render the layer
unusabble.
For base layers we need to mount the Files folder which must exist in
any valid base windows-layer.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Update dependencies and remove the local bindfilter files. Those have
been moved to go-winio.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
fstest.CheckDirectoryEqual checks if any files in the diff matches a
list of known metadataFiles. This only happens if we specify the initial
layer as the first parameter and the mutated layer as the second.
This also enables the read-only view checks, as the bind filter allows
us to mount a layer as ro.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
The bind filter supports bind-like mounts and volume mounts. It also
allows us to have read-only mounts.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
NTFS, when presented with an all-caps filename, assumes you are just
being loud for no reason, and instead stores an all-lower-case filename.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This is necessary on Windows, as it's not possible to delete a snapshot
while it is still mounted, even if the mount-point has been deleted.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Using symlinks for bind mounts means we are not protecting an RO-mounted
layer against modification. Windows doesn't currently appear to offer a
better approach though, as we cannot create arbitrary empty WCOW scratch
layers at this time.
For windows-layer mounts, Unmount does not have access to the mounts
used to create it. So we store the relevant data in an Alternate Data
Stream on the mountpoint in order to be able to Unmount later.
Based on approach in https://github.com/containerd/containerd/pull/2366,
with sign-offs recorded as 'Based-on-work-by' trailers below.
This also partially-reverts some changes made in #6034 as they are not
needed with this mounting implmentation, which no longer needs to be
handled specially by the caller compared to non-Windows mounts.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Based-on-work-by: Michael Crosby <crosbymichael@gmail.com>
Based-on-work-by: Darren Stahl <darst@microsoft.com>
The WCOW layer support does not support creating sandboxes with no
parent. Instead, parentless scratch layers must be layed out as a
directory containing only a directory named 'Files', and all data stored
inside 'Files'. At commit-time, this will be converted in-place into a
read-only layer suitable for use as a parent layer.
The WCOW layer support also does not deal with making read-only layers,
i.e. layers that are prepared to be parent layers, visible in a
read-only manner. A bind-mount or junction point cannot be made
read-only, so a view must instead be a small sandbox layer that we can
mount via WCOW, and discard later, to protect the layer against
accidental or deliberate modification.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This is not really an error in most cases as most people do not use
devmapper, however this shows up as an error in the logs and in the
plugin service when querying the plugins.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
