// Source: github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go

//go:build linux
// +build linux

package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"

import (
	"bytes"
	"context"
	"fmt"
	"io"
	"os"
	"os/exec"
	"path"
	"path/filepath"
	"strings"

	"github.com/containerd/containerd/pkg/userns"
	"github.com/docker/docker/daemon/graphdriver"
	"github.com/docker/docker/daemon/graphdriver/overlayutils"
	"github.com/docker/docker/pkg/archive"
	"github.com/docker/docker/pkg/chrootarchive"
	"github.com/docker/docker/pkg/containerfs"
	"github.com/docker/docker/pkg/directory"
	"github.com/docker/docker/pkg/idtools"
	"github.com/docker/docker/pkg/parsers/kernel"
	"github.com/moby/locker"
	"github.com/moby/sys/mount"
	"github.com/opencontainers/selinux/go-selinux/label"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"golang.org/x/sys/unix"
)

var (
	// untar defines the untar method. ApplyDiff calls it to extract a layer
	// archive into the layer's diff directory.
	untar = chrootarchive.UntarUncompressed
)

// Names used for the on-disk layout under the driver home directory, as
// built by create and Get in this file:
//
//	<home>/l/<link id>         symlink to ../<layer id>/diff
//	<home>/<layer id>/diff     the layer's own content
//	<home>/<layer id>/link     file holding the layer's link id
//	<home>/<layer id>/lower    colon-separated "l/<link id>" entries of the parents
//	<home>/<layer id>/work     work directory, only created when there is a parent
//	<home>/<layer id>/merged   mountpoint, created by Get
//
// binary is looked up with exec.LookPath in Init and executed by bare name in
// Get, so it is resolved through the PATH of the daemon process.
const (
	driverName    = "fuse-overlayfs"
	binary        = "fuse-overlayfs"
	linkDir       = "l"
	diffDirName   = "diff"
	workDirName   = "work"
	mergedDirName = "merged"
	lowerFile     = "lower"
	maxDepth      = 128 // getLower rejects a lower chain with more entries than this

	// idLength represents the number of random characters
	// which can be used to create the unique link identifier
	// for every layer. If this value is too long then the
	// page size limit for the mount command may be exceeded.
	// The idLength should be selected such that following equation
	// is true (512 is a buffer for label metadata).
	// ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512)
	idLength = 26
)

// Driver contains information about the home directory and the list of active
// mounts that are created using this driver.
type Driver struct {
	// home is the root directory under which every layer directory and the
	// link directory live.
	home string
	// idMap supplies the root UID/GID pair used when creating directories
	// and is passed to the archive extraction in ApplyDiff.
	idMap idtools.IdentityMapping
	// ctr counts references to each merged mountpoint (see Get and Put).
	ctr *graphdriver.RefCounter
	// naiveDiff handles Diff, Changes and DiffSize, and ApplyDiff when the
	// given parent is not the layer's direct parent.
	naiveDiff graphdriver.DiffDriver
	// locker serialises Remove, Get and Put per layer id.
	locker *locker.Locker
}

// logger tags every message from this file with the storage driver name.
var logger = logrus.WithField("storage-driver", driverName)

// init registers the driver under driverName with the graphdriver package.
func init() {
	graphdriver.Register(driverName, Init)
}

// Init returns the naive diff driver for fuse-overlayfs.
//
// graphdriver.ErrNotSupported is returned when the fuse-overlayfs binary
// cannot be found via exec.LookPath (the lookup error is logged) or when the
// kernel version check against 4.18.0 fails. The options argument is not read
// by this function.
//
// The home directory is created with mode 0710, owned by the current UID and
// the GID of the mapped root pair; the link directory below it is created
// with mode 0700 and owned by the current identity.
func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
	_, lookErr := exec.LookPath(binary)
	if lookErr != nil {
		logger.Error(lookErr)
		return nil, graphdriver.ErrNotSupported
	}
	if supported := kernel.CheckKernelVersion(4, 18, 0); !supported {
		return nil, graphdriver.ErrNotSupported
	}

	self := idtools.CurrentIdentity()
	homeOwner := idtools.Identity{UID: self.UID, GID: idMap.RootPair().GID}
	if err := idtools.MkdirAllAndChown(home, 0710, homeOwner); err != nil {
		return nil, err
	}
	links := path.Join(home, linkDir)
	if err := idtools.MkdirAllAndChown(links, 0700, self); err != nil {
		return nil, err
	}

	drv := &Driver{home: home, idMap: idMap}
	drv.ctr = graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicFUSE))
	drv.locker = locker.New()
	// The naive diff driver wraps the driver itself, so it is attached last.
	drv.naiveDiff = graphdriver.NewNaiveDiffDriver(drv, idMap)

	return drv, nil
}

// String returns the driver name.
func (d *Driver) String() string {
	return driverName
}

// Status returns current driver information in a two dimensional string array.
// This driver reports no entries: the result is always empty and non-nil.
func (d *Driver) Status() [][2]string {
	return [][2]string{}
}

// GetMetadata returns metadata about the overlay driver such as the LowerDir,
// UpperDir, WorkDir, and MergeDir used to store data.
func (d *Driver) GetMetadata(id string) (map[string]string, error) {
	layerDir := d.dir(id)
	if _, statErr := os.Stat(layerDir); statErr != nil {
		return nil, statErr
	}

	lowers, err := d.getLowerDirs(id)
	if err != nil {
		return nil, err
	}

	info := make(map[string]string, 4)
	info["WorkDir"] = path.Join(layerDir, workDirName)
	info["MergedDir"] = path.Join(layerDir, mergedDirName)
	info["UpperDir"] = path.Join(layerDir, diffDirName)
	// LowerDir is only reported for layers that have at least one lower.
	if len(lowers) > 0 {
		info["LowerDir"] = strings.Join(lowers, ":")
	}

	return info, nil
}

// Cleanup recursively unmounts everything mounted under the driver home
// directory. It is meant to be called when the daemon shuts down.
func (d *Driver) Cleanup() error {
	err := mount.RecursiveUnmount(d.home)
	return err
}

// CreateReadWrite creates a layer that is writable for use as a container
// file system. Storage options are not supported by this driver and are
// rejected before anything is created.
func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
	if opts == nil || len(opts.StorageOpt) == 0 {
		return d.create(id, parent, opts)
	}
	return fmt.Errorf("--storage-opt is not supported")
}

// Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
// The parent filesystem is used to configure these directories for the overlay.
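func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
	if opts != nil && len(opts.StorageOpt) != 0 {
		return fmt.Errorf("--storage-opt is not supported")
	}
	return d.create(id, parent, opts)
}

// create builds the on-disk skeleton for layer id under the driver home:
// the layer directory, its diff directory, a symlink in the link directory
// and the "link" file naming that symlink. When parent is non-empty it also
// creates the work directory, marks the parent as committed and writes the
// "lower" file that records the chain of lower link paths.
//
// If any step after the layer directory has been created fails, the layer
// directory is removed again before the error is returned.
func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
	dir := d.dir(id)
	root := d.idMap.RootPair()

	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0710, root); err != nil {
		return err
	}
	// NOTE(review): whether MkdirAndChown rejects an already existing dir is
	// not visible from this file. If it does not, the deferred RemoveAll
	// below would also delete a layer directory that existed before this
	// call. Confirm against idtools.
	if err := idtools.MkdirAndChown(dir, 0710, root); err != nil {
		return err
	}

	defer func() {
		// Clean up on failure
		if retErr != nil {
			os.RemoveAll(dir)
		}
	}()

	// Both exported callers already reject storage options; this repeats the
	// check, and the deferred cleanup removes dir if it triggers.
	if opts != nil && len(opts.StorageOpt) > 0 {
		return fmt.Errorf("--storage-opt is not supported")
	}

	if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0755, root); err != nil {
		return err
	}

	// The symlink target is relative ("../<id>/diff"), so it resolves from
	// inside the link directory back into the layer directory.
	lid := overlayutils.GenerateID(idLength, logger)
	if err := os.Symlink(path.Join("..", id, diffDirName), path.Join(d.home, linkDir, lid)); err != nil {
		return err
	}

	// Write link id to link file
	if err := os.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
		return err
	}

	// if no parent directory, done
	if parent == "" {
		return nil
	}

	if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0710, root); err != nil {
		return err
	}

	// The empty "committed" marker in the parent makes Get mount the parent
	// without an upperdir (see the readonly branch in Get).
	if err := os.WriteFile(path.Join(d.dir(parent), "committed"), []byte{}, 0600); err != nil {
		return err
	}

	lower, err := d.getLower(parent)
	if err != nil {
		return err
	}
	if lower != "" {
		// NOTE(review): 0666 is broader than the 0644 used for the link file
		// above. The effective mode is narrowed by the process umask, but the
		// content of this file is later turned into mount options by Get, so
		// 0644 looks sufficient. Confirm that nothing else needs to write it.
		if err := os.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
			return err
		}
	}

	return nil
}

// getLower returns the colon-separated lower chain for a child of parent:
// the parent's own link path ("l/<link id>") followed by the entries of the
// parent's lower file, if it has one.
//
// An error is returned when the parent directory or its link file cannot be
// read, when the parent's lower file exists but cannot be read, or when the
// resulting chain has more than maxDepth entries.
func (d *Driver) getLower(parent string) (string, error) {
	parentDir := d.dir(parent)

	// Ensure parent exists
	if _, err := os.Lstat(parentDir); err != nil {
		return "", err
	}

	// Read parent link file
	parentLink, err := os.ReadFile(path.Join(parentDir, "link"))
	if err != nil {
		return "", err
	}
	lowers := []string{path.Join(linkDir, string(parentLink))}

	parentLower, err := os.ReadFile(path.Join(parentDir, lowerFile))
	switch {
	case err == nil:
		lowers = append(lowers, strings.Split(string(parentLower), ":")...)
	case !os.IsNotExist(err):
		// A missing lower file only means the parent is a base layer. Any
		// other read failure must not be ignored: the child would be created
		// with a silently truncated layer chain. getLowerDirs treats the same
		// file the same way.
		return "", err
	}
	if len(lowers) > maxDepth {
		return "", errors.New("max depth exceeded")
	}
	return strings.Join(lowers, ":"), nil
}

// dir returns the layer directory for id, i.e. id joined onto the driver
// home. path.Join cleans the result, and id is not validated here.
func (d *Driver) dir(id string) string {
	return path.Join(d.home, id)
}

// getLowerDirs resolves the entries of the layer's lower file to cleaned
// paths of the lower diff directories. A layer without a lower file yields a
// nil slice and no error.
//
// Each entry is joined onto the driver home and read as a symlink; the
// entries themselves are taken from the file as they are, without checking
// that they stay below the home directory.
func (d *Driver) getLowerDirs(id string) ([]string, error) {
	var lowersArray []string
	lowers, err := os.ReadFile(path.Join(d.dir(id), lowerFile))
	if err == nil {
		for _, s := range strings.Split(string(lowers), ":") {
			lp, err := os.Readlink(path.Join(d.home, s))
			if err != nil {
				return nil, err
			}
			// lp is the symlink target written by create, relative to the
			// link directory, hence the join with linkDir before cleaning.
			lowersArray = append(lowersArray, path.Clean(path.Join(d.home, linkDir, lp)))
		}
	} else if !os.IsNotExist(err) {
		return nil, err
	}
	return lowersArray, nil
}

// Remove cleans the directories that are created for this id.
// It also removes the layer's entry in the link directory.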
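func (d *Driver) Remove(id string) error {
	if id == "" {
		return fmt.Errorf("refusing to remove the directories: id is empty")
	}
	d.locker.Lock(id)
	defer d.locker.Unlock(id)
	dir := d.dir(id)
	lid, err := os.ReadFile(path.Join(dir, "link"))
	if err == nil {
		link := string(lid)
		switch {
		case link == "":
			// An empty link would make the RemoveAll below target the whole
			// link directory.
			logger.Errorf("refusing to remove empty link for layer %v", id)
		case link == "." || link == ".." || strings.ContainsRune(link, '/'):
			// The link id is read back from disk and joined into a path that
			// is then removed recursively. A value that is not a plain file
			// name would be cleaned by path.Join into a location outside the
			// link directory, so a damaged or altered link file is refused
			// the same way as an empty one.
			logger.Errorf("refusing to remove malformed link %q for layer %v", link, id)
		default:
			if err := os.RemoveAll(path.Join(d.home, linkDir, link)); err != nil {
				logger.Debugf("Failed to remove link: %v", err)
			}
		}
	}

	// A layer directory that is already gone is not treated as an error.
	if err := containerfs.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) {
		return err
	}
	return nil
}

// Get creates and mounts the required file system for the given id and returns the mount path.
//
// A layer without a lower file is not mounted at all: its diff directory is
// returned directly. Otherwise the merged directory is reference counted;
// only the call that takes the count to one runs the fuse-overlayfs binary,
// and later calls return the merged path without mounting again.
//
// The mount options are assembled by plain string concatenation. Neither the
// driver home nor the entries read from the lower file are escaped or
// validated, so the code relies on them containing no ',' or ':' and on the
// lower file entries staying below the home directory.
func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
	d.locker.Lock(id)
	defer d.locker.Unlock(id)
	dir := d.dir(id)
	if _, err := os.Stat(dir); err != nil {
		return "", err
	}

	diffDir := path.Join(dir, diffDirName)
	lowers, err := os.ReadFile(path.Join(dir, lowerFile))
	if err != nil {
		// If no lower, just return diff directory
		if os.IsNotExist(err) {
			return diffDir, nil
		}
		return "", err
	}

	mergedDir := path.Join(dir, mergedDirName)
	if count := d.ctr.Increment(mergedDir); count > 1 {
		return mergedDir, nil
	}
	// Undo the reference taken above if anything below fails: drop the
	// count and, when it reaches zero, unmount and remove the mountpoint.
	defer func() {
		if retErr != nil {
			if c := d.ctr.Decrement(mergedDir); c <= 0 {
				if unmounted := fusermountU(mergedDir); !unmounted {
					if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
						logger.Errorf("error unmounting %v: %v", mergedDir, mntErr)
					}
				}
				// Cleanup the created merged directory; see the comment in Put's rmdir
				// err here is the function-level variable; it holds the mount
				// program's error when Run failed, because that call assigns
				// to it rather than shadowing it.
				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
					logger.Debugf("Failed to remove %s: %v: %v", id, rmErr, err)
				}
			}
		}
	}()

	workDir := path.Join(dir, workDirName)
	// Entries in the lower file are relative to the driver home ("l/<id>").
	splitLowers := strings.Split(string(lowers), ":")
	absLowers := make([]string, len(splitLowers))
	for i, s := range splitLowers {
		absLowers[i] = path.Join(d.home, s)
	}
	// A "committed" marker means another layer was created on top of this
	// one (see create); such a layer is mounted without upperdir/workdir.
	var readonly bool
	if _, err := os.Stat(path.Join(dir, "committed")); err == nil {
		readonly = true
	} else if !os.IsNotExist(err) {
		return "", err
	}

	var opts string
	if readonly {
		opts = "lowerdir=" + diffDir + ":" + strings.Join(absLowers, ":")
	} else {
		opts = "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + diffDir + ",workdir=" + workDir
	}

	mountData := label.FormatMountLabel(opts, mountLabel)
	mountTarget := mergedDir

	if err := idtools.MkdirAndChown(mergedDir, 0700, d.idMap.RootPair()); err != nil {
		return "", err
	}

	// The helper is run by bare name (resolved through PATH) with the driver
	// home as working directory; its stderr is captured for the error text.
	mountProgram := exec.Command(binary, "-o", mountData, mountTarget)
	mountProgram.Dir = d.home
	var b bytes.Buffer
	mountProgram.Stderr = &b
	if err = mountProgram.Run(); err != nil {
		output := b.String()
		if output == "" {
			output = "<stderr empty>"
		}
		return "", errors.Wrapf(err, "using mount program %s: %s", binary, output)
	}

	return mergedDir, nil
}

// Put unmounts the mount path created for the given id.
// It also removes the 'merged' directory to force the kernel to unmount the
// overlay mount in other namespaces.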
func (d *Driver) Put(id string) error {
	d.locker.Lock(id)
	defer d.locker.Unlock(id)

	layerDir := d.dir(id)
	if _, readErr := os.ReadFile(path.Join(layerDir, lowerFile)); readErr != nil {
		// If no lower, no mount happened and just return directly
		if os.IsNotExist(readErr) {
			return nil
		}
		return readErr
	}

	merged := path.Join(layerDir, mergedDirName)
	// Other holders of the mountpoint remain; leave the mount in place.
	if remaining := d.ctr.Decrement(merged); remaining > 0 {
		return nil
	}

	// Prefer the fusermount helpers; fall back to a lazy (MNT_DETACH)
	// unmount. A failure of the fallback is only logged at debug level.
	if !fusermountU(merged) {
		detachErr := unix.Unmount(merged, unix.MNT_DETACH)
		if detachErr != nil {
			logger.Debugf("Failed to unmount %s overlay: %s - %v", id, merged, detachErr)
		}
	}

	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
	// will cause all other instances of this mount in other mount namespaces
	// to be unmounted. This is necessary to avoid cases where an overlay mount
	// that is present in another namespace will cause subsequent mounts
	// operations to fail with ebusy. We ignore any errors here because this may
	// fail on older kernels which don't have
	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
	rmErr := unix.Rmdir(merged)
	if rmErr != nil && !os.IsNotExist(rmErr) {
		logger.Debugf("Failed to remove %s overlay: %v", id, rmErr)
	}
	return nil
}

// Exists reports whether the layer directory for id can be stat'ed. It does
// not check whether the layer is mounted.
func (d *Driver) Exists(id string) bool {
	if _, err := os.Stat(d.dir(id)); err != nil {
		return false
	}
	return true
}

// isParent determines whether the given parent is the direct parent of the
// given layer id. The comparison uses the directory of the layer's first
// lower entry; a layer without lowers only matches an empty parent. Any error
// while resolving the lowers counts as "not the parent".
func (d *Driver) isParent(id, parent string) bool {
	direct, err := d.getLowerDirs(id)
	switch {
	case err != nil:
		return false
	case len(direct) == 0:
		// No lowers at all: only an empty parent can match.
		return parent == "" || d.dir(parent) == ""
	case parent == "":
		return false
	default:
		return filepath.Dir(direct[0]) == d.dir(parent)
	}
}

// ApplyDiff applies the new layer into a root and returns the size of the
// resulting diff directory.
//
// When parent is not the direct parent of id the work is handed to the naive
// diff driver. Otherwise the archive is extracted straight into the layer's
// diff directory through the package-level untar function. This method does
// not inspect the archive entries itself; keeping them inside the target
// directory is left to untar.
func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
	if direct := d.isParent(id, parent); !direct {
		return d.naiveDiff.ApplyDiff(id, parent, diff)
	}

	target := d.getDiffPath(id)
	logger.Debugf("Applying tar in %s", target)

	// Overlay doesn't need the parent id to apply the diff
	tarOpts := &archive.TarOptions{
		IDMap: d.idMap,
		// Use AUFS whiteout format: https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1084-L1089
		WhiteoutFormat: archive.AUFSWhiteoutFormat,
		InUserNS:       userns.RunningInUserNS(),
	}
	if untarErr := untar(diff, target, tarOpts); untarErr != nil {
		return 0, untarErr
	}

	return directory.Size(context.TODO(), target)
}

// getDiffPath returns the path of the diff directory of layer id.
func (d *Driver) getDiffPath(id string) string {
	return path.Join(d.dir(id), diffDirName)
}

// DiffSize calculates the changes between the specified id
// and its parent and returns the size in bytes of the changes
// relative to its base filesystem directory.
func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
	size, err = d.naiveDiff.DiffSize(id, parent)
	return size, err
}

// Diff produces an archive of the changes between the specified
// layer and its parent layer which may be "". The work is delegated to the
// naive diff driver.
func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
	rc, err := d.naiveDiff.Diff(id, parent)
	return rc, err
}

// Changes produces a list of changes between the specified layer and its
// parent layer. If parent is "", then all changes will be ADD changes.
// The work is delegated to the naive diff driver.
func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
	changes, err := d.naiveDiff.Changes(id, parent)
	return changes, err
}

// fusermountU is from https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1016-L1040
//
// It tries to unmount mountpoint with "fusermount3 -u" and then
// "fusermount -u", both resolved through PATH, and reports whether one of
// them succeeded. When neither did, it syncs the file system at mountpoint
// so pending changes are written before the caller falls back to
// unix.Unmount.
func fusermountU(mountpoint string) (unmounted bool) {
	for _, tool := range [...]string{"fusermount3", "fusermount"} {
		runErr := exec.Command(tool, "-u", mountpoint).Run()
		if runErr == nil {
			return true
		}
		// NOTE(review): a helper missing from PATH is reported by os/exec as
		// an *exec.Error, which os.IsNotExist does not appear to match, so
		// this debug line probably also fires for an absent binary. Confirm.
		if !os.IsNotExist(runErr) {
			logrus.Debugf("Error unmounting %s with %s - %v", mountpoint, tool, runErr)
		}
	}

	// If fusermount|fusermount3 failed to unmount the FUSE file system, make sure all
	// pending changes are propagated to the file system
	fd, err := unix.Open(mountpoint, unix.O_DIRECTORY, 0)
	if err != nil {
		return false
	}
	if syncErr := unix.Syncfs(fd); syncErr != nil {
		logrus.Debugf("Error Syncfs(%s) - %v", mountpoint, syncErr)
	}
	unix.Close(fd)
	return false
}