// Source: github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go

// +build linux

package fuseoverlayfs // import "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs"

import (
	"bytes"
	"context"
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"os/exec"
	"path"
	"path/filepath"
	"strings"

	"github.com/containerd/containerd/pkg/userns"
	"github.com/docker/docker/daemon/graphdriver"
	"github.com/docker/docker/daemon/graphdriver/overlayutils"
	"github.com/docker/docker/pkg/archive"
	"github.com/docker/docker/pkg/chrootarchive"
	"github.com/docker/docker/pkg/containerfs"
	"github.com/docker/docker/pkg/directory"
	"github.com/docker/docker/pkg/idtools"
	"github.com/docker/docker/pkg/parsers/kernel"
	"github.com/docker/docker/pkg/system"
	"github.com/moby/locker"
	"github.com/moby/sys/mount"
	"github.com/opencontainers/selinux/go-selinux/label"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"golang.org/x/sys/unix"
)

var (
	// untar is the function ApplyDiff uses to unpack a layer archive into a
	// layer's diff directory. It is held in a variable instead of being
	// called directly.
	untar = chrootarchive.UntarUncompressed
)

// Names used on disk and on the command line.
//
// binary is not an absolute path: Init checks it with exec.LookPath and Get
// runs it with exec.Command, so it is resolved through the daemon's PATH.
// The PATH of the daemon process therefore has to contain only trusted
// directories.
//
// linkDir holds one short symlink per layer (pointing at that layer's diff
// directory); the lower file of a layer lists those links, colon separated.
const (
	driverName    = "fuse-overlayfs"
	binary        = "fuse-overlayfs"
	linkDir       = "l"
	diffDirName   = "diff"
	workDirName   = "work"
	mergedDirName = "merged"
	lowerFile     = "lower"
	maxDepth      = 128

	// idLength represents the number of random characters
	// which can be used to create the unique link identifier
	// for every layer. If this value is too long then the
	// page size limit for the mount command may be exceeded.
	// The idLength should be selected such that following equation
	// is true (512 is a buffer for label metadata).
	// ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512)
	idLength = 26
)

// Driver contains information about the home directory and the list of active
// mounts that are created using this driver.
type Driver struct {
	// home is the directory that holds every layer directory and the link
	// directory.
	home string
	// uidMaps and gidMaps are the ID mappings handed to Init; they decide
	// which identity owns each layer's diff and merged directories.
	uidMaps []idtools.IDMap
	gidMaps []idtools.IDMap
	// ctr counts references per merged mount point (see Get and Put).
	ctr *graphdriver.RefCounter
	// naiveDiff backs DiffSize, Diff, Changes and the ApplyDiff fallback.
	naiveDiff graphdriver.DiffDriver
	// locker serialises Get, Put and Remove per layer id.
	locker *locker.Locker
}

// logger tags every log entry of this package with the driver name.
var logger = logrus.WithField("storage-driver", driverName)

// init registers the driver under driverName with Init as its constructor.
func init() {
	graphdriver.Register(driverName, Init)
}

// Init builds a Driver rooted at home.
//
// It returns graphdriver.ErrNotSupported when the fuse-overlayfs binary is
// not found through PATH or when the kernel version check for 4.18.0 fails.
// The options argument is not read. The link directory under home is created
// with mode 0701 (owner rwx, everyone else traverse only) and chowned to the
// identity of the current process.
func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
	_, lookErr := exec.LookPath(binary)
	if lookErr != nil {
		logger.Error(lookErr)
		return nil, graphdriver.ErrNotSupported
	}
	if kernelOK := kernel.CheckKernelVersion(4, 18, 0); !kernelOK {
		return nil, graphdriver.ErrNotSupported
	}

	linkRoot := path.Join(home, linkDir)
	if mkErr := idtools.MkdirAllAndChown(linkRoot, 0701, idtools.CurrentIdentity()); mkErr != nil {
		return nil, mkErr
	}

	// The reference counter is told to look for FUSE mounts.
	fuseChecker := graphdriver.NewFsChecker(graphdriver.FsMagicFUSE)
	drv := &Driver{
		home:    home,
		uidMaps: uidMaps,
		gidMaps: gidMaps,
		ctr:     graphdriver.NewRefCounter(fuseChecker),
		locker:  locker.New(),
	}
	// The naive diff driver needs the Driver itself, so it is wired up last.
	drv.naiveDiff = graphdriver.NewNaiveDiffDriver(drv, uidMaps, gidMaps)

	return drv, nil
}

// String returns the driver name.
func (d *Driver) String() string {
	return driverName
}

// Status returns driver status as key/value pairs; this driver reports none,
// so the result is always an empty, non-nil slice.
func (d *Driver) Status() [][2]string {
	status := [][2]string{}
	return status
}

// GetMetadata returns the WorkDir, MergedDir and UpperDir paths of layer id,
// plus LowerDir (colon separated) when the layer has lower layers. It fails
// when the layer directory cannot be stat'ed.
func (d *Driver) GetMetadata(id string) (map[string]string, error) {
	layerDir := d.dir(id)
	if _, statErr := os.Stat(layerDir); statErr != nil {
		return nil, statErr
	}

	md := make(map[string]string, 4)
	md["WorkDir"] = path.Join(layerDir, workDirName)
	md["MergedDir"] = path.Join(layerDir, mergedDirName)
	md["UpperDir"] = path.Join(layerDir, diffDirName)

	lowers, err := d.getLowerDirs(id)
	if err != nil {
		return nil, err
	}
	// LowerDir is only reported for layers that actually have lower layers.
	if len(lowers) != 0 {
		md["LowerDir"] = strings.Join(lowers, ":")
	}

	return md, nil
}

// Cleanup is called when the daemon shuts down. It recursively unmounts
// everything mounted below the driver's home directory.
func (d *Driver) Cleanup() error {
	return mount.RecursiveUnmount(d.home)
}

// CreateReadWrite creates a writable layer for use as a container file
// system. Storage options are not supported and are rejected with an error.
func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error {
	if opts == nil || len(opts.StorageOpt) == 0 {
		return d.create(id, parent, opts)
	}
	return fmt.Errorf("--storage-opt is not supported")
}

// Create makes the on-disk directories of a new layer id on top of parent
// (which may be empty). Storage options are not supported and are rejected
// with an error.
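func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
	if opts != nil && len(opts.StorageOpt) != 0 {
		return fmt.Errorf("--storage-opt is not supported")
	}
	return d.create(id, parent, opts)
}

// create lays out the directory of layer id below the driver home:
//
//   - <home>/<id>            mode 0701, owned by the current process identity
//   - <home>/<id>/diff       mode 0755, owned by the mapped root identity
//   - <home>/l/<link id>     symlink to ../<id>/diff
//   - <home>/<id>/link       the link id
//
// and, when parent is not empty, additionally the work directory, an empty
// "committed" marker in the parent's directory and the lower file that lists
// the parent chain. On error the layer directory is removed again.
//
// NOTE(review): id and parent are joined onto home without validation, so
// callers must pass plain layer ids only.
func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
	dir := d.dir(id)

	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
	if err != nil {
		return err
	}
	root := idtools.Identity{UID: rootUID, GID: rootGID}

	currentID := idtools.CurrentIdentity()
	if err := idtools.MkdirAllAndChown(path.Dir(dir), 0701, currentID); err != nil {
		return err
	}
	if err := idtools.MkdirAndChown(dir, 0701, currentID); err != nil {
		return err
	}

	defer func() {
		// Clean up on failure.
		// NOTE(review): only dir is removed; a symlink already created under
		// linkDir stays behind (dangling) when a later step fails.
		if retErr != nil {
			os.RemoveAll(dir)
		}
	}()

	if opts != nil && len(opts.StorageOpt) > 0 {
		return fmt.Errorf("--storage-opt is not supported")
	}

	if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0755, root); err != nil {
		return err
	}

	// The link is a short alias for the diff directory; lower files refer to
	// layers through these links to keep the mount option string short.
	lid := overlayutils.GenerateID(idLength, logger)
	if err := os.Symlink(path.Join("..", id, diffDirName), path.Join(d.home, linkDir, lid)); err != nil {
		return err
	}

	// Write link id to link file
	if err := ioutil.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil {
		return err
	}

	// if no parent directory, done
	if parent == "" {
		return nil
	}

	if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0701, currentID); err != nil {
		return err
	}

	// Get mounts a layer read-only once this marker exists in its directory.
	if err := ioutil.WriteFile(path.Join(d.dir(parent), "committed"), []byte{}, 0600); err != nil {
		return err
	}

	lower, err := d.getLower(parent)
	if err != nil {
		return err
	}
	if lower != "" {
		// The lower file is later concatenated into the mount option string
		// by Get, so it must only ever be writable by the daemon. It is
		// written 0644 like the link file instead of the former 0666, which
		// left write protection to the process umask.
		if err := ioutil.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0644); err != nil {
			return err
		}
	}

	return nil
}

// getLower returns the colon-separated lower list for a child of parent: the
// parent's own link (as "l/<link id>") followed by the entries of the
// parent's lower file, if it has one. It fails when the parent directory or
// its link file cannot be read, when the lower file exists but cannot be
// read, or when the resulting chain is longer than maxDepth.
func (d *Driver) getLower(parent string) (string, error) {
	parentDir := d.dir(parent)

	// Ensure parent exists
	if _, err := os.Lstat(parentDir); err != nil {
		return "", err
	}

	// Read the parent's link file
	parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link"))
	if err != nil {
		return "", err
	}
	lowers := []string{path.Join(linkDir, string(parentLink))}

	parentLower, err := ioutil.ReadFile(path.Join(parentDir, lowerFile))
	switch {
	case err == nil:
		lowers = append(lowers, strings.Split(string(parentLower), ":")...)
	case !os.IsNotExist(err):
		// A missing lower file just means the parent is a base layer. Any
		// other read error must not be swallowed: the child would silently
		// be created with a truncated lower chain. getLowerDirs treats the
		// same file the same way.
		return "", err
	}
	if len(lowers) > maxDepth {
		return "", errors.New("max depth exceeded")
	}
	return strings.Join(lowers, ":"), nil
}

// dir returns the directory of layer id below the driver home. The id is
// joined as-is; it is not checked for path separators or "..".
func (d *Driver) dir(id string) string {
	return path.Join(d.home, id)
}

// getLowerDirs resolves every entry of the layer's lower file to the diff
// directory it links to. A layer without a lower file yields a nil slice and
// no error; any other read error, or a link that cannot be read, is returned.
func (d *Driver) getLowerDirs(id string) ([]string, error) {
	var lowersArray []string
	lowers, err := ioutil.ReadFile(path.Join(d.dir(id), lowerFile))
	if err == nil {
		for _, s := range strings.Split(string(lowers), ":") {
			// s is relative to home ("l/<link id>"); the link target written
			// by create is relative to the link directory.
			lp, err := os.Readlink(path.Join(d.home, s))
			if err != nil {
				return nil, err
			}
			lowersArray = append(lowersArray, path.Clean(path.Join(d.home, linkDir, lp)))
		}
	} else if !os.IsNotExist(err) {
		return nil, err
	}
	return lowersArray, nil
}

// Remove cleans the directories that are created for this id.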
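func (d *Driver) Remove(id string) error {
	if id == "" {
		return fmt.Errorf("refusing to remove the directories: id is empty")
	}
	d.locker.Lock(id)
	defer d.locker.Unlock(id)
	dir := d.dir(id)
	lid, err := ioutil.ReadFile(path.Join(dir, "link"))
	if err == nil {
		// The link id comes from a file on disk and is joined into the path
		// handed to os.RemoveAll. An empty id would resolve to the link
		// directory itself, and "..", "." or anything containing a '/' would
		// resolve outside of it, so those are refused. A link id written by
		// create never has that shape: the symlink it names is created
		// directly inside the link directory.
		link := string(lid)
		switch {
		case link == "":
			logger.Errorf("refusing to remove empty link for layer %v", id)
		case link == "." || link == ".." || strings.Contains(link, "/"):
			logger.Errorf("refusing to remove invalid link %q for layer %v", link, id)
		default:
			if err := os.RemoveAll(path.Join(d.home, linkDir, link)); err != nil {
				logger.Debugf("Failed to remove link: %v", err)
			}
		}
	}

	// NOTE(review): id is only checked for being empty before this recursive
	// removal; callers must pass plain layer ids.
	if err := system.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) {
		return err
	}
	return nil
}

// Get returns the file system of layer id. A layer without a lower file is
// served straight from its diff directory. Otherwise the layer is mounted on
// its merged directory with the fuse-overlayfs binary; the mount is reference
// counted, so only the first Get of a layer runs the mount program.
func (d *Driver) Get(id, mountLabel string) (_ containerfs.ContainerFS, retErr error) {
	d.locker.Lock(id)
	defer d.locker.Unlock(id)
	dir := d.dir(id)
	if _, err := os.Stat(dir); err != nil {
		return nil, err
	}

	diffDir := path.Join(dir, diffDirName)
	lowers, err := ioutil.ReadFile(path.Join(dir, lowerFile))
	if err != nil {
		// If no lower, just return diff directory
		if os.IsNotExist(err) {
			return containerfs.NewLocalContainerFS(diffDir), nil
		}
		return nil, err
	}

	mergedDir := path.Join(dir, mergedDirName)
	if count := d.ctr.Increment(mergedDir); count > 1 {
		return containerfs.NewLocalContainerFS(mergedDir), nil
	}
	defer func() {
		// On failure, give the reference back and undo a partial mount.
		if retErr != nil {
			if c := d.ctr.Decrement(mergedDir); c <= 0 {
				if unmounted := fusermountU(mergedDir); !unmounted {
					if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil {
						logger.Errorf("error unmounting %v: %v", mergedDir, mntErr)
					}
				}
				// Cleanup the created merged directory; see the comment in Put's rmdir
				if rmErr := unix.Rmdir(mergedDir); rmErr != nil && !os.IsNotExist(rmErr) {
					logger.Debugf("Failed to remove %s: %v: %v", id, rmErr, err)
				}
			}
		}
	}()

	workDir := path.Join(dir, workDirName)
	// Entries of the lower file are relative to home; make them absolute.
	splitLowers := strings.Split(string(lowers), ":")
	absLowers := make([]string, len(splitLowers))
	for i, s := range splitLowers {
		absLowers[i] = path.Join(d.home, s)
	}
	// A layer that already has a child (create leaves a "committed" marker
	// in the parent's directory) is mounted without upperdir/workdir.
	var readonly bool
	if _, err := os.Stat(path.Join(dir, "committed")); err == nil {
		readonly = true
	} else if !os.IsNotExist(err) {
		return nil, err
	}

	// The option string is built by plain concatenation from the on-disk
	// lower file and the layer paths. Options are comma separated, so the
	// layer directory and its lower file must stay writable by the daemon
	// only: a ',' in any entry would be passed on as a further option.
	var opts string
	if readonly {
		opts = "lowerdir=" + diffDir + ":" + strings.Join(absLowers, ":")
	} else {
		opts = "lowerdir=" + strings.Join(absLowers, ":") + ",upperdir=" + diffDir + ",workdir=" + workDir
	}

	mountData := label.FormatMountLabel(opts, mountLabel)
	mountTarget := mergedDir

	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
	if err != nil {
		return nil, err
	}
	if err := idtools.MkdirAndChown(mergedDir, 0700, idtools.Identity{UID: rootUID, GID: rootGID}); err != nil {
		return nil, err
	}

	// Arguments are passed as an argv slice, not through a shell. The binary
	// name itself is resolved through PATH.
	mountProgram := exec.Command(binary, "-o", mountData, mountTarget)
	mountProgram.Dir = d.home
	var b bytes.Buffer
	mountProgram.Stderr = &b
	if err = mountProgram.Run(); err != nil {
		output := b.String()
		if output == "" {
			output = "<stderr empty>"
		}
		return nil, errors.Wrapf(err, "using mount program %s: %s", binary, output)
	}

	return containerfs.NewLocalContainerFS(mergedDir), nil
}

// Put unmounts the mount path created for the given id.
// It also removes the 'merged' directory to force the kernel to unmount the
// overlay mount in other namespaces.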
func (d *Driver) Put(id string) error {
	d.locker.Lock(id)
	defer d.locker.Unlock(id)

	layerDir := d.dir(id)
	if _, readErr := ioutil.ReadFile(path.Join(layerDir, lowerFile)); readErr != nil {
		// Without a lower file Get never mounted anything for this layer.
		if os.IsNotExist(readErr) {
			return nil
		}
		return readErr
	}

	merged := path.Join(layerDir, mergedDirName)
	// Other users still hold the mount: leave it in place.
	if d.ctr.Decrement(merged) > 0 {
		return nil
	}
	// Try the fusermount helpers first and fall back to a lazy unmount.
	if !fusermountU(merged) {
		if umErr := unix.Unmount(merged, unix.MNT_DETACH); umErr != nil {
			logger.Debugf("Failed to unmount %s overlay: %s - %v", id, merged, umErr)
		}
	}
	// Removing the mount point makes newer kernels drop every other instance
	// of this mount that lives in another mount namespace. Without that, an
	// overlay mount left in another namespace makes later mount operations
	// fail with EBUSY. Errors are only logged, because the removal may fail
	// on older kernels that lack
	// torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe.
	if rmErr := unix.Rmdir(merged); rmErr != nil && !os.IsNotExist(rmErr) {
		logger.Debugf("Failed to remove %s overlay: %v", id, rmErr)
	}
	return nil
}

// Exists reports whether a directory for layer id exists below the driver
// home. It only stats that directory; it does not check whether the layer is
// mounted.
func (d *Driver) Exists(id string) bool {
	if _, statErr := os.Stat(d.dir(id)); statErr != nil {
		return false
	}
	return true
}

// isParent reports whether parent is the direct parent of layer id, judged
// by the first entry of the layer's resolved lower directories. An error
// while resolving them counts as "not the parent".
func (d *Driver) isParent(id, parent string) bool {
	lowers, err := d.getLowerDirs(id)
	if err != nil {
		return false
	}

	if len(lowers) > 0 {
		// A layer with lowers cannot have the empty parent.
		if parent == "" {
			return false
		}
		// lowers[0] is the parent's diff directory; its parent directory is
		// the parent's layer directory.
		return filepath.Dir(lowers[0]) == d.dir(parent)
	}

	// No lowers: only the empty parent matches.
	if parent == "" {
		return true
	}
	return d.dir(parent) == ""
}

// ApplyDiff unpacks the layer archive diff into layer id and returns the
// size of the resulting diff directory. When parent is not the layer's
// direct parent the work is handed to the naive diff driver instead.
//
// The archive is unpacked through the package-level untar function
// (chrootarchive.UntarUncompressed unless replaced) with the driver's ID
// mappings. NOTE(review): layer archives can come from untrusted images, so
// path confinement during extraction rests on that function — confirm it
// stays the chroot-based one.
func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error) {
	if !d.isParent(id, parent) {
		return d.naiveDiff.ApplyDiff(id, parent, diff)
	}

	applyDir := d.getDiffPath(id)

	logger.Debugf("Applying tar in %s", applyDir)
	// Overlay doesn't need the parent id to apply the diff
	tarOpts := &archive.TarOptions{
		UIDMaps: d.uidMaps,
		GIDMaps: d.gidMaps,
		// Use AUFS whiteout format: https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1084-L1089
		WhiteoutFormat: archive.AUFSWhiteoutFormat,
		InUserNS:       userns.RunningInUserNS(),
	}
	if untarErr := untar(diff, applyDir, tarOpts); untarErr != nil {
		return 0, untarErr
	}

	return directory.Size(context.TODO(), applyDir)
}

// getDiffPath returns the diff directory of layer id.
func (d *Driver) getDiffPath(id string) string {
	return path.Join(d.dir(id), diffDirName)
}

// DiffSize returns the size in bytes of the changes between layer id and its
// parent, relative to its base file system directory. The work is done by the
// naive diff driver.
func (d *Driver) DiffSize(id, parent string) (size int64, err error) {
	size, err = d.naiveDiff.DiffSize(id, parent)
	return size, err
}

// Diff returns an archive of the changes between layer id and its parent
// layer, which may be "". The work is done by the naive diff driver.
func (d *Driver) Diff(id, parent string) (io.ReadCloser, error) {
	archiveStream, err := d.naiveDiff.Diff(id, parent)
	return archiveStream, err
}

// Changes lists the changes between layer id and its parent layer. If parent
// is "", then all changes will be ADD changes. The work is done by the naive
// diff driver.
func (d *Driver) Changes(id, parent string) ([]archive.Change, error) {
	changes, err := d.naiveDiff.Changes(id, parent)
	return changes, err
}

// fusermountU tries to unmount the FUSE mount at mountpoint with
// "fusermount3 -u" and then "fusermount -u", and reports whether one of them
// succeeded. When both fail it syncs the file system at mountpoint so that
// pending changes reach it, and returns false; the callers in this file then
// fall back to unix.Unmount.
//
// It is taken from https://github.com/containers/storage/blob/39a8d5ed9843844eafb5d2ba6e6a7510e0126f40/drivers/overlay/overlay.go#L1016-L1040
//
// Both helpers are resolved through the daemon's PATH.
// NOTE(review): os.IsNotExist may not match the error exec reports for a
// helper that is not installed, in which case the debug line below is also
// logged for an absent binary — confirm.
func fusermountU(mountpoint string) (unmounted bool) {
	helpers := [...]string{"fusermount3", "fusermount"}
	for i := range helpers {
		helper := helpers[i]
		runErr := exec.Command(helper, "-u", mountpoint).Run()
		if runErr == nil {
			unmounted = true
			break
		}
		if !os.IsNotExist(runErr) {
			logrus.Debugf("Error unmounting %s with %s - %v", mountpoint, helper, runErr)
		}
	}
	if unmounted {
		return unmounted
	}

	// Neither helper unmounted the file system: flush it before the caller
	// falls back to a plain unmount.
	fd, openErr := unix.Open(mountpoint, unix.O_DIRECTORY, 0)
	if openErr != nil {
		return unmounted
	}
	if syncErr := unix.Syncfs(fd); syncErr != nil {
		logrus.Debugf("Error Syncfs(%s) - %v", mountpoint, syncErr)
	}
	unix.Close(fd)
	return unmounted
}