github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go (about)

     1  // +build linux
     2  
     3  package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"
     4  
     5  import (
     6  	"bytes"
     7  	"context"
     8  	"fmt"
     9  	"io"
    10  	"io/ioutil"
    11  	"os"
    12  	"os/exec"
    13  	"path"
    14  	"path/filepath"
    15  	"strings"
    16  
    17  	"github.com/containerd/containerd/pkg/userns"
    18  	"github.com/docker/docker/daemon/graphdriver"
    19  	"github.com/docker/docker/daemon/graphdriver/overlayutils"
    20  	"github.com/docker/docker/pkg/archive"
    21  	"github.com/docker/docker/pkg/chrootarchive"
    22  	"github.com/docker/docker/pkg/containerfs"
    23  	"github.com/docker/docker/pkg/directory"
    24  	"github.com/docker/docker/pkg/idtools"
    25  	"github.com/docker/docker/pkg/parsers/kernel"
    26  	"github.com/docker/docker/pkg/system"
    27  	"github.com/moby/locker"
    28  	"github.com/moby/sys/mount"
    29  	"github.com/opencontainers/selinux/go-selinux/label"
    30  	"github.com/pkg/errors"
    31  	"github.com/sirupsen/logrus"
    32  	"golang.org/x/sys/unix"
    33  )
    34  
    35  var (
    36  	// untar defines the untar method
    37  	untar = chrootarchive.UntarUncompressed
    38  )
    39  
    40  const (
    41  	driverName    = "fuse-overlayfs"
    42  	binary        = "fuse-overlayfs"
    43  	linkDir       = "l"
    44  	diffDirName   = "diff"
    45  	workDirName   = "work"
    46  	mergedDirName = "merged"
    47  	lowerFile     = "lower"
    48  	maxDepth      = 128
    49  
    50  	// idLength represents the number of random characters
    51  	// which can be used to create the unique link identifier
    52  	// for every layer. If this value is too long then the
    53  	// page size limit for the mount command may be exceeded.
    54  	// The idLength should be selected such that following equation
    55  	// is true (512 is a buffer for label metadata).
    56  	// ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512)
    57  	idLength = 26
    58  )
    59  
    60  // Driver contains information about the home directory and the list of active
    61  // mounts that are created using this driver.
    62  type Driver struct {
    63  	home      string
    64  	uidMaps   []idtools.IDMap
    65  	gidMaps   []idtools.IDMap
    66  	ctr       *graphdriver.RefCounter
    67  	naiveDiff graphdriver.DiffDriver
    68  	locker    *locker.Locker
    69  }
    70  
    71  var (
    72  	logger = logrus.WithField("storage-driver", driverName)
    73  )
    74  
    75  func init() {
    76  	graphdriver.Register(driverName, Init)
    77  }
    78  
    79  // Init returns the naive diff driver for fuse-overlayfs.
    80  // If fuse-overlayfs is not supported on the host, the error
    81  // graphdriver.ErrNotSupported is returned.
    82  func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
    83  	if _, err := exec.LookPath(binary); err != nil {
    84  		logger.Error(err)
    85  		return nil, graphdriver.ErrNotSupported
    86  	}
    87  	if !kernel.CheckKernelVersion(4, 18, 0) {
    88  		return nil, graphdriver.ErrNotSupported
    89  	}
    90  
    91  	if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0701, idtools.CurrentIdentity()); err != nil {
    92  		return nil, err
    93  	}
    94  
    95  	d := &Driver{
    96  		home:    home,
    97  		uidMaps: uidMaps,
    98  		gidMaps: gidMaps,
    99  		ctr:     graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicFUSE)),
   100  		locker:  locker.New(),
   101  	}
   102  
   103  	d.naiveDiff = graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps)
   104  
   105  	return d, nil
   106  }
   107  
   108  func (d *Driver) String() string {
   109  	return driverName
   110  }
   111  
   112  // Status returns current driver information in a two dimensional string array.
   113  func (d *Driver) Status() [][2]string {
   114  	return [][2]string{}
   115  }
   116  
   117  // GetMetadata returns metadata about the overlay driver such as the LowerDir,
   118  // UpperDir, WorkDir, and MergeDir used to store data.
   119  func (d *Driver) GetMetadata(id string) (map[string]string, error) {
   120  	dir := d.dir(id)
   121  	if _, err := os.Stat(dir); err != nil {
   122  		return nil, err
   123  	}
   124  
   125  	metadata := map[string]string{
   126  		"WorkDir":   path.Join(dir, workDirName),
   127  		"MergedDir": path.Join(dir, mergedDirName),
   128  		"UpperDir":  path.Join(dir, diffDirName),
   129  	}
   130  
   131  	lowerDirs, err := d.getLowerDirs(id)
   132  	if err != nil {
   133  		return nil, err
   134  	}
   135  	if len(lowerDirs) > 0 {
   136  		metadata["LowerDir"] = strings.Join(lowerDirs, ":")
   137  	}
   138  
   139  	return metadata, nil
   140  }
   141  
   142  // Cleanup any state created by overlay which should be cleaned when daemon
   143  // is being shutdown. For now, we just have to unmount the bind mounted
   144  // we had created.
   145  func (d *Driver) Cleanup() error {
   146  	return mount.RecursiveUnmount(d.home)
   147  }
   148  
   149  // CreateReadWrite creates a layer that is writable for use as a container
   150  // file system.
   151  func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
   152  	if opts != nil && len(opts.StorageOpt) != 0 {
   153  		return fmt.Errorf("--storage-opt is not supported")
   154  	}
   155  	return d.create(id, parent, opts)
   156  }
   157  
   158  // Create is used to create the upper, lower, and merge directories required for overlay fs for a given id.
   159  // The parent filesystem is used to configure these directories for the overlay.
   160  func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
   161  	if opts != nil && len(opts.StorageOpt) != 0 {
   162  		return fmt.Errorf("--storage-opt is not supported")
   163  	}
   164  	return d.create(id, parent, opts)
   165  }
   166  
   167  func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
   168  	dir := d.dir(id)
   169  
   170  	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
   171  	if err != nil {
   172  		return err
   173  	}
   174  	root := idtools.Identity{UID: rootUID, GID: rootGID}
   175  
   176  	currentID := idtools.CurrentIdentity()
   177  	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0701, currentID); err != nil {
   178  		return err
   179  	}
   180  	if err := idtools.MkdirAndChown(dir, 0701, currentID); err != nil {
   181  		return err
   182  	}
   183  
   184  	defer func() {
   185  		// Clean up on failure
   186  		if retErr != nil {
   187  			os.RemoveAll(dir)
   188  		}
   189  	}()
   190  
   191  	if opts != nil && len(opts.StorageOpt) > 0 {
   192  		return fmt.Errorf("--storage-opt is not supported")
   193  	}
   194  
   195  	if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0755, root); err != nil {
   196  		return err
   197  	}
   198  
   199  	lid := overlayutils.GenerateID(idLength, logger)
   200  	if err := os.Symlink(path.Join("..", id, diffDirName), path.Join(d.home, linkDir, lid)); err != nil {
   201  		return err
   202  	}
   203  
   204  	// Write link id to link file
   205  	if err := ioutil.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
   206  		return err
   207  	}
   208  
   209  	// if no parent directory, done
   210  	if parent == "" {
   211  		return nil
   212  	}
   213  
   214  	if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0701, currentID); err != nil {
   215  		return err
   216  	}
   217  
   218  	if err := ioutil.WriteFile(path.Join(d.dir(parent), "committed"), []byte{}, 0600); err != nil {
   219  		return err
   220  	}
   221  
   222  	lower, err := d.getLower(parent)
   223  	if err != nil {
   224  		return err
   225  	}
   226  	if lower != "" {
   227  		if err := ioutil.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil {
   228  			return err
   229  		}
   230  	}
   231  
   232  	return nil
   233  }
   234  
   235  func (d *Driver) getLower(parent string) (string, error) {
   236  	parentDir := d.dir(parent)
   237  
   238  	// Ensure parent exists
   239  	if _, err := os.Lstat(parentDir); err != nil {
   240  		return "", err
   241  	}
   242  
   243  	// Read Parent link fileA
   244  	parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link"))
   245  	if err != nil {
   246  		return "", err
   247  	}
   248  	lowers := []string{path.Join(linkDir, string(parentLink))}
   249  
   250  	parentLower, err := ioutil.ReadFile(path.Join(parentDir, lowerFile))
   251  	if err == nil {
   252  		parentLowers := strings.Split(string(parentLower), ":")
   253  		lowers = append(lowers, parentLowers...)
   254  	}
   255  	if len(lowers) > maxDepth {
   256  		return "", errors.New("max depth exceeded")
   257  	}
   258  	return strings.Join(lowers, ":"), nil
   259  }
   260  
   261  func (d *Driver) dir(id string) string {
   262  	return path.Join(d.home, id)
   263  }
   264  
   265  func (d *Driver) getLowerDirs(id string) ([]string, error) {
   266  	var lowersArray []string
   267  	lowers, err := ioutil.ReadFile(path.Join(d.dir(id), lowerFile))
   268  	if err == nil {
   269  		for _, s := range strings.Split(string(lowers), ":") {
   270  			lp, err := os.Readlink(path.Join(d.home, s))
   271  			if err != nil {
   272  				return nil, err
   273  			}
   274  			lowersArray = append(lowersArray, path.Clean(path.Join(d.home, linkDir, lp)))
   275  		}
   276  	} else if !os.IsNotExist(err) {
   277  		return nil, err
   278  	}
   279  	return lowersArray, nil
   280  }
   281  
   282  // Remove cleans the directories that are created for this id.
   283  func (d *Driver) Remove(id string) error {
   284  	if id == "" {
   285  		return fmt.Errorf("refusing to remove the directories: id is empty")
   286  	}
   287  	d.locker.Lock(id)
   288  	defer d.locker.Unlock(id)
   289  	dir := d.dir(id)
   290  	lid, err := ioutil.ReadFile(path.Join(dir, "link"))
   291  	if err == nil {
   292  		if len(lid) == 0 {
   293  			logger.Errorf("refusing to remove empty link for layer %v", id)
   294  		} else if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil {
   295  			logger.Debugf("Failed to remove link: %v", err)
   296  		}
   297  	}
   298  
   299  	if err := system.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) {
   300  		return err
   301  	}
   302  	return nil
   303  }
   304  
   305  // Get creates and mounts the required file system for the given id and returns the mount path.
   306  func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr error) {
   307  	d.locker.Lock(id)
   308  	defer d.locker.Unlock(id)
   309  	dir := d.dir(id)
   310  	if _, err := os.Stat(dir); err != nil {
   311  		return nil, err
   312  	}
   313  
   314  	diffDir := path.Join(dir, diffDirName)
   315  	lowers, err := ioutil.ReadFile(path.Join(dir, lowerFile))
   316  	if err != nil {
   317  		// If no lower, just return diff directory
   318  		if os.IsNotExist(err) {
   319  			return containerfs.NewLocalContainerFS(diffDir), nil
   320  		}
   321  		return nil, err
   322  	}
   323  
   324  	mergedDir := path.Join(dir, mergedDirName)
   325  	if count := d.ctr.Increment(mergedDir); count > 1 {
   326  		return containerfs.NewLocalContainerFS(mergedDir), nil
   327  	}
   328  	defer func() {
   329  		if retErr != nil {
   330  			if c := d.ctr.Decrement(mergedDir); c <= 0 {
   331  				if unmounted := fusermountU(mergedDir); !unmounted {
   332  					if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
   333  						logger.Errorf("error unmounting %v: %v", mergedDir, mntErr)
   334  					}
   335  				}
   336  				// Cleanup the created merged directory; see the comment in Put's rmdir
   337  				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
   338  					logger.Debugf("Failed to remove %s: %v: %v", id, rmErr, err)
   339  				}
   340  			}
   341  		}
   342  	}()
   343  
   344  	workDir := path.Join(dir, workDirName)
   345  	splitLowers := strings.Split(string(lowers), ":")
   346  	absLowers := make([]string, len(splitLowers))
   347  	for i, s := range splitLowers {
   348  		absLowers[i] = path.Join(d.home, s)
   349  	}
   350  	var readonly bool
   351  	if _, err := os.Stat(path.Join(dir, "committed")); err == nil {
   352  		readonly = true
   353  	} else if !os.IsNotExist(err) {
   354  		return nil, err
   355  	}
   356  
   357  	var opts string
   358  	if readonly {
   359  		opts = "lowerdir=" + diffDir + ":" + strings.Join(absLowers, ":")
   360  	} else {
   361  		opts = "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + diffDir + ",workdir=" + workDir
   362  	}
   363  
   364  	mountData := label.FormatMountLabel(opts, mountLabel)
   365  	mountTarget := mergedDir
   366  
   367  	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
   368  	if err != nil {
   369  		return nil, err
   370  	}
   371  	if err := idtools.MkdirAndChown(mergedDir, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
   372  		return nil, err
   373  	}
   374  
   375  	mountProgram := exec.Command(binary, "-o", mountData, mountTarget)
   376  	mountProgram.Dir = d.home
   377  	var b bytes.Buffer
   378  	mountProgram.Stderr = &b
   379  	if err = mountProgram.Run(); err != nil {
   380  		output := b.String()
   381  		if output == "" {
   382  			output = "<stderr empty>"
   383  		}
   384  		return nil, errors.Wrapf(err, "using mount program %s: %s", binary, output)
   385  	}
   386  
   387  	return containerfs.NewLocalContainerFS(mergedDir), nil
   388  }
   389  
   390  // Put unmounts the mount path created for the give id.
   391  // It also removes the 'merged' directory to force the kernel to unmount the
   392  // overlay mount in other namespaces.
   393  func (d *Driver) Put(id string) error {
   394  	d.locker.Lock(id)
   395  	defer d.locker.Unlock(id)
   396  	dir := d.dir(id)
   397  	_, err := ioutil.ReadFile(path.Join(dir, lowerFile))
   398  	if err != nil {
   399  		// If no lower, no mount happened and just return directly
   400  		if os.IsNotExist(err) {
   401  			return nil
   402  		}
   403  		return err
   404  	}
   405  
   406  	mountpoint := path.Join(dir, mergedDirName)
   407  	if count := d.ctr.Decrement(mountpoint); count > 0 {
   408  		return nil
   409  	}
   410  	if unmounted := fusermountU(mountpoint); !unmounted {
   411  		if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil {
   412  			logger.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err)
   413  		}
   414  	}
   415  	// Remove the mountpoint here. Removing the mountpoint (in newer kernels)
   416  	// will cause all other instances of this mount in other mount namespaces
   417  	// to be unmounted. This is necessary to avoid cases where an overlay mount
   418  	// that is present in another namespace will cause subsequent mounts
   419  	// operations to fail with ebusy.  We ignore any errors here because this may
   420  	// fail on older kernels which don't have
   421  	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe applied.
   422  	if err := unix.Rmdir(mountpoint); err != nil && !os.IsNotExist(err) {
   423  		logger.Debugf("Failed to remove %s overlay: %v", id, err)
   424  	}
   425  	return nil
   426  }
   427  
   428  // Exists checks to see if the id is already mounted.
   429  func (d *Driver) Exists(id string) bool {
   430  	_, err := os.Stat(d.dir(id))
   431  	return err == nil
   432  }
   433  
   434  // isParent determines whether the given parent is the direct parent of the
   435  // given layer id
   436  func (d *Driver) isParent(id, parent string) bool {
   437  	lowers, err := d.getLowerDirs(id)
   438  	if err != nil {
   439  		return false
   440  	}
   441  	if parent == "" && len(lowers) > 0 {
   442  		return false
   443  	}
   444  
   445  	parentDir := d.dir(parent)
   446  	var ld string
   447  	if len(lowers) > 0 {
   448  		ld = filepath.Dir(lowers[0])
   449  	}
   450  	if ld == "" && parent == "" {
   451  		return true
   452  	}
   453  	return ld == parentDir
   454  }
   455  
   456  // ApplyDiff applies the new layer into a root
   457  func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
   458  	if !d.isParent(id, parent) {
   459  		return d.naiveDiff.ApplyDiff(id, parent, diff)
   460  	}
   461  
   462  	applyDir := d.getDiffPath(id)
   463  
   464  	logger.Debugf("Applying tar in %s", applyDir)
   465  	// Overlay doesn't need the parent id to apply the diff
   466  	if err := untar(diff, applyDir, &archive.TarOptions{
   467  		UIDMaps: d.uidMaps,
   468  		GIDMaps: d.gidMaps,
   469  		// Use AUFS whiteout format: https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1084-L1089
   470  		WhiteoutFormat: archive.AUFSWhiteoutFormat,
   471  		InUserNS:       userns.RunningInUserNS(),
   472  	}); err != nil {
   473  		return 0, err
   474  	}
   475  
   476  	return directory.Size(context.TODO(), applyDir)
   477  }
   478  
   479  func (d *Driver) getDiffPath(id string) string {
   480  	dir := d.dir(id)
   481  
   482  	return path.Join(dir, diffDirName)
   483  }
   484  
   485  // DiffSize calculates the changes between the specified id
   486  // and its parent and returns the size in bytes of the changes
   487  // relative to its base filesystem directory.
   488  func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
   489  	return d.naiveDiff.DiffSize(id, parent)
   490  }
   491  
   492  // Diff produces an archive of the changes between the specified
   493  // layer and its parent layer which may be "".
   494  func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
   495  	return d.naiveDiff.Diff(id, parent)
   496  }
   497  
   498  // Changes produces a list of changes between the specified layer and its
   499  // parent layer. If parent is "", then all changes will be ADD changes.
   500  func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
   501  	return d.naiveDiff.Changes(id, parent)
   502  }
   503  
   504  // fusermountU is from https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1016-L1040
   505  func fusermountU(mountpoint string) (unmounted bool) {
   506  	// Attempt to unmount the FUSE mount using either fusermount or fusermount3.
   507  	// If they fail, fallback to unix.Unmount
   508  	for _, v := range []string{"fusermount3", "fusermount"} {
   509  		err := exec.Command(v, "-u", mountpoint).Run()
   510  		if err != nil && !os.IsNotExist(err) {
   511  			logrus.Debugf("Error unmounting %s with %s - %v", mountpoint, v, err)
   512  		}
   513  		if err == nil {
   514  			unmounted = true
   515  			break
   516  		}
   517  	}
   518  	// If fusermount|fusermount3 failed to unmount the FUSE file system, make sure all
   519  	// pending changes are propagated to the file system
   520  	if !unmounted {
   521  		fd, err := unix.Open(mountpoint, unix.O_DIRECTORY, 0)
   522  		if err == nil {
   523  			if err := unix.Syncfs(fd); err != nil {
   524  				logrus.Debugf("Error Syncfs(%s) - %v", mountpoint, err)
   525  			}
   526  			unix.Close(fd)
   527  		}
   528  	}
   529  	return
   530  }