Previously "`/`" in a container was always owned by `root:root` (0/0), even if
`withRemappedSnapshot` had been used. Meaning that if `withUserNamespace` is
used then `/` can be remapped to `nobody:nogroup` (65534/65534).
The fix is is twofold:
- incrementFS should operate on the root of the tree.
- when creating a new snapshot we must propagate the ownership of the topmost
"lower" directory into the new "upper".
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Update snapshot storage to use boltdb keys instead of protobuf.
Add update function to snapshotter to allow updating labels.
Add option type for creating snapshots to allow setting labels.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
What started out as a simple PR to remove the "Readonly" column became an
adventure to add a proper type for a "View" snapshot. The short story here is
that we now get the following output:
```
$ sudo ctr snapshot ls
ID PARENT KIND
sha256:08c2295a7fa5c220b0f60c994362d290429ad92f6e0235509db91582809442f3 Committed
testing4 sha256:08c2295a7fa5c220b0f60c994362d290429ad92f6e0235509db91582809442f3 Active
```
In pursuing this output, it was found that the idea of having "readonly" as an
attribute on all snapshots was redundant. For committed, they are always
readonly, as they are not accessible without an active snapshot. For active
snapshots that were views, we'd have to check the type before interpreting
"readonly". With this PR, this is baked fully into the kind of snapshot. When
`Snapshotter.View` is called, the kind of snapshot is `KindView`, and the
storage system reflects this end to end.
Unfortunately, this will break existing users. There is no migration, so they
will have to wipe `/var/lib/containerd` and recreate everything. However, this
is deemed worthwhile at this point, as we won't have to judge validity of the
"Readonly" field when new snapshot types are added.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This moves both the Mount type and mountinfo into a single mount
package.
This also opens up the root of the repo to hold the containerd client
implementation.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
No need to have a util package under a package... er, package.
We should move most of this functionality to continuity.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Rollback was not being called when the function was called with
a key which does not exist. This failure to call rollback kept
the database open and caused all new requests to block.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
To allow the querying of usage for snapshots, we define a new method on
the snapshotter to query the resources in use by a single snapshot.
Conversely, it can be said that if the snapshot was deleted, the
reported amount of usage would be recovered.
There are few problems with this model in the implementation of btrfs
that need to be worked out. In btrfs, it is hard to resolve the amount
of data usage with the use of quotas but these may report valuables that
are incompatible with the model.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
When starting up a snapshot driver on subsequent runs, the
mkdir call will return an exist error, this can be safely
ignored.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
We need to set +x on the overlay dirs or after dropping from root to a
non-root user an eperm will happen on exec or other file access
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Allow creating actives without an upper directory for
capturing changes. Actives without the upper directory
will always be mounted read only. Read only actives
must have a parent.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
With the change to the snapshotter interface, we've now updated the
overlay driver to follow the conventions of the current test suite. To
support key unification, an hashed index was added to active and
committed directories. We still need to do some testing around
collisions, but we'll leave that for a future PR.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
We now include btrfs in the snapshot driver test suite. This includes
the addition of parent links and name hashing into the btrfs driver.
We'll probably endup replacing this with a common metadata store, as
these relationships are generally identical between implementations.
A small bug was discovered in the delete implementation in the course
testing, so the btrfs package has been updated with a fix.
The overlay driver was modified accordingly with the btrfs driver to use
`Driver` as the exported type of each driver packge.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
We now define the `snapshot.Driver` interface based on earlier work.
Many details of the model are worked out, such as snapshot lifecycle and
parentage of commits against "Active" snapshots.
The impetus of this change is to provide a snapshot POC that does a
complete push/pull workflow. The beginnings of a test suite for snapshot
drivers is included that we can use to verify the assumptions of
drivers. The intent is to port the existing tests over to this test
suite and start scaling contributions and test to the snapshot driver
subsystem.
There are still some details that need to be worked out, such as listing
and metadata access. We can do this activity as we further integrate
with tooling.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
