github.com/thy00/storage@v1.12.8/drivers/overlay/overlay.go (about) 1 // +build linux 2 3 package overlay 4 5 import ( 6 "bytes" 7 "fmt" 8 "io" 9 "io/ioutil" 10 "os" 11 "os/exec" 12 "path" 13 "path/filepath" 14 "strconv" 15 "strings" 16 "sync" 17 "syscall" 18 19 graphdriver "github.com/containers/storage/drivers" 20 "github.com/containers/storage/drivers/overlayutils" 21 "github.com/containers/storage/drivers/quota" 22 "github.com/containers/storage/pkg/archive" 23 "github.com/containers/storage/pkg/chrootarchive" 24 "github.com/containers/storage/pkg/directory" 25 "github.com/containers/storage/pkg/fsutils" 26 "github.com/containers/storage/pkg/idtools" 27 "github.com/containers/storage/pkg/locker" 28 "github.com/containers/storage/pkg/mount" 29 "github.com/containers/storage/pkg/ostree" 30 "github.com/containers/storage/pkg/parsers" 31 "github.com/containers/storage/pkg/system" 32 units "github.com/docker/go-units" 33 rsystem "github.com/opencontainers/runc/libcontainer/system" 34 "github.com/opencontainers/selinux/go-selinux/label" 35 "github.com/pkg/errors" 36 "github.com/sirupsen/logrus" 37 "golang.org/x/sys/unix" 38 ) 39 40 var ( 41 // untar defines the untar method 42 untar = chrootarchive.UntarUncompressed 43 ) 44 45 // This backend uses the overlay union filesystem for containers 46 // with diff directories for each layer. 47 48 // This version of the overlay driver requires at least kernel 49 // 4.0.0 in order to support mounting multiple diff directories. 50 51 // Each container/image has at least a "diff" directory and "link" file. 52 // If there is also a "lower" file when there are diff layers 53 // below as well as "merged" and "work" directories. The "diff" directory 54 // has the upper layer of the overlay and is used to capture any 55 // changes to the layer. The "lower" file contains all the lower layer 56 // mounts separated by ":" and ordered from uppermost to lowermost 57 // layers. The overlay itself is mounted in the "merged" directory, 58 // and the "work" dir is needed for overlay to work. 59 60 // The "link" file for each layer contains a unique string for the layer. 61 // Under the "l" directory at the root there will be a symbolic link 62 // with that unique string pointing the "diff" directory for the layer. 63 // The symbolic links are used to reference lower layers in the "lower" 64 // file and on mount. The links are used to shorten the total length 65 // of a layer reference without requiring changes to the layer identifier 66 // or root directory. Mounts are always done relative to root and 67 // referencing the symbolic links in order to ensure the number of 68 // lower directories can fit in a single page for making the mount 69 // syscall. A hard upper limit of 128 lower layers is enforced to ensure 70 // that mounts do not fail due to length. 71 72 const ( 73 linkDir = "l" 74 lowerFile = "lower" 75 maxDepth = 128 76 77 // idLength represents the number of random characters 78 // which can be used to create the unique link identifer 79 // for every layer. If this value is too long then the 80 // page size limit for the mount command may be exceeded. 81 // The idLength should be selected such that following equation 82 // is true (512 is a buffer for label metadata). 83 // ((idLength + len(linkDir) + 1) * maxDepth) <= (pageSize - 512) 84 idLength = 26 85 ) 86 87 type overlayOptions struct { 88 imageStores []string 89 quota quota.Quota 90 mountProgram string 91 ostreeRepo string 92 skipMountHome bool 93 mountOptions string 94 } 95 96 // Driver contains information about the home directory and the list of active mounts that are created using this driver. 97 type Driver struct { 98 name string 99 home string 100 uidMaps []idtools.IDMap 101 gidMaps []idtools.IDMap 102 ctr *graphdriver.RefCounter 103 quotaCtl *quota.Control 104 options overlayOptions 105 naiveDiff graphdriver.DiffDriver 106 supportsDType bool 107 usingMetacopy bool 108 locker *locker.Locker 109 convert map[string]bool 110 } 111 112 var ( 113 backingFs = "<unknown>" 114 projectQuotaSupported = false 115 116 useNaiveDiffLock sync.Once 117 useNaiveDiffOnly bool 118 ) 119 120 func init() { 121 graphdriver.Register("overlay", Init) 122 graphdriver.Register("overlay2", Init) 123 } 124 125 // Init returns the a native diff driver for overlay filesystem. 126 // If overlay filesystem is not supported on the host, a wrapped graphdriver.ErrNotSupported is returned as error. 127 // If an overlay filesystem is not supported over an existing filesystem then a wrapped graphdriver.ErrIncompatibleFS is returned. 128 func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) { 129 opts, err := parseOptions(options) 130 if err != nil { 131 return nil, err 132 } 133 134 fsMagic, err := graphdriver.GetFSMagic(home) 135 if err != nil { 136 return nil, err 137 } 138 if fsName, ok := graphdriver.FsNames[fsMagic]; ok { 139 backingFs = fsName 140 } 141 142 // check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs 143 if opts.mountProgram == "" { 144 switch fsMagic { 145 case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs: 146 logrus.Errorf("'overlay' is not supported over %s", backingFs) 147 return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s", backingFs) 148 } 149 } 150 151 rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) 152 if err != nil { 153 return nil, err 154 } 155 156 // Create the driver home dir 157 if err := idtools.MkdirAllAs(path.Join(home, linkDir), 0700, rootUID, rootGID); err != nil && !os.IsExist(err) { 158 return nil, err 159 } 160 161 var usingMetacopy bool 162 var supportsDType bool 163 if opts.mountProgram != "" { 164 supportsDType = true 165 } else { 166 supportsDType, err = supportsOverlay(home, fsMagic, rootUID, rootGID) 167 if err != nil { 168 os.Remove(filepath.Join(home, linkDir)) 169 os.Remove(home) 170 patherr, ok := err.(*os.PathError) 171 if ok && patherr.Err == syscall.ENOSPC { 172 return nil, err 173 } 174 return nil, errors.Wrap(err, "kernel does not support overlay fs") 175 } 176 usingMetacopy, err = doesMetacopy(home, opts.mountOptions) 177 if err == nil { 178 if usingMetacopy { 179 logrus.Debugf("overlay test mount indicated that metacopy is being used") 180 } else { 181 logrus.Debugf("overlay test mount indicated that metacopy is not being used") 182 } 183 } else { 184 logrus.Warnf("overlay test mount did not indicate whether or not metacopy is being used: %v", err) 185 return nil, err 186 } 187 } 188 189 if !opts.skipMountHome { 190 if err := mount.MakePrivate(home); err != nil { 191 return nil, err 192 } 193 } 194 195 if opts.ostreeRepo != "" { 196 if err := ostree.CreateOSTreeRepository(opts.ostreeRepo, rootUID, rootGID); err != nil { 197 return nil, err 198 } 199 } 200 201 d := &Driver{ 202 name: "overlay", 203 home: home, 204 uidMaps: uidMaps, 205 gidMaps: gidMaps, 206 ctr: graphdriver.NewRefCounter(graphdriver.NewFsChecker(graphdriver.FsMagicOverlay)), 207 supportsDType: supportsDType, 208 usingMetacopy: usingMetacopy, 209 locker: locker.New(), 210 options: *opts, 211 convert: make(map[string]bool), 212 } 213 214 d.naiveDiff = graphdriver.NewNaiveDiffDriver(d, d) 215 216 if backingFs == "xfs" { 217 // Try to enable project quota support over xfs. 218 if d.quotaCtl, err = quota.NewControl(home); err == nil { 219 projectQuotaSupported = true 220 } else if opts.quota.Size > 0 { 221 return nil, fmt.Errorf("Storage option overlay.size not supported. Filesystem does not support Project Quota: %v", err) 222 } 223 } else if opts.quota.Size > 0 { 224 // if xfs is not the backing fs then error out if the storage-opt overlay.size is used. 225 return nil, fmt.Errorf("Storage option overlay.size only supported for backingFS XFS. Found %v", backingFs) 226 } 227 228 logrus.Debugf("backingFs=%s, projectQuotaSupported=%v, useNativeDiff=%v, usingMetacopy=%v", backingFs, projectQuotaSupported, !d.useNaiveDiff(), d.usingMetacopy) 229 230 return d, nil 231 } 232 233 func parseOptions(options []string) (*overlayOptions, error) { 234 o := &overlayOptions{} 235 for _, option := range options { 236 key, val, err := parsers.ParseKeyValueOpt(option) 237 if err != nil { 238 return nil, err 239 } 240 key = strings.ToLower(key) 241 switch key { 242 case ".override_kernel_check", "overlay.override_kernel_check", "overlay2.override_kernel_check": 243 logrus.Warnf("overlay: override_kernel_check option was specified, but is no longer necessary") 244 case ".mountopt", "overlay.mountopt", "overlay2.mountopt": 245 o.mountOptions = val 246 case ".size", "overlay.size", "overlay2.size": 247 logrus.Debugf("overlay: size=%s", val) 248 size, err := units.RAMInBytes(val) 249 if err != nil { 250 return nil, err 251 } 252 o.quota.Size = uint64(size) 253 case ".imagestore", "overlay.imagestore", "overlay2.imagestore": 254 logrus.Debugf("overlay: imagestore=%s", val) 255 // Additional read only image stores to use for lower paths 256 for _, store := range strings.Split(val, ",") { 257 store = filepath.Clean(store) 258 if !filepath.IsAbs(store) { 259 return nil, fmt.Errorf("overlay: image path %q is not absolute. Can not be relative", store) 260 } 261 st, err := os.Stat(store) 262 if err != nil { 263 return nil, fmt.Errorf("overlay: can't stat imageStore dir %s: %v", store, err) 264 } 265 if !st.IsDir() { 266 return nil, fmt.Errorf("overlay: image path %q must be a directory", store) 267 } 268 o.imageStores = append(o.imageStores, store) 269 } 270 case ".mount_program", "overlay.mount_program", "overlay2.mount_program": 271 logrus.Debugf("overlay: mount_program=%s", val) 272 _, err := os.Stat(val) 273 if err != nil { 274 return nil, fmt.Errorf("overlay: can't stat program %s: %v", val, err) 275 } 276 o.mountProgram = val 277 case "overlay2.ostree_repo", "overlay.ostree_repo", ".ostree_repo": 278 logrus.Debugf("overlay: ostree_repo=%s", val) 279 if !ostree.OstreeSupport() { 280 return nil, fmt.Errorf("overlay: ostree_repo specified but support for ostree is missing") 281 } 282 o.ostreeRepo = val 283 case "overlay2.skip_mount_home", "overlay.skip_mount_home", ".skip_mount_home": 284 logrus.Debugf("overlay: skip_mount_home=%s", val) 285 o.skipMountHome, err = strconv.ParseBool(val) 286 if err != nil { 287 return nil, err 288 } 289 default: 290 return nil, fmt.Errorf("overlay: Unknown option %s", key) 291 } 292 } 293 return o, nil 294 } 295 296 func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGID int) (supportsDType bool, err error) { 297 // We can try to modprobe overlay first 298 299 exec.Command("modprobe", "overlay").Run() 300 301 layerDir, err := ioutil.TempDir(home, "compat") 302 if err != nil { 303 patherr, ok := err.(*os.PathError) 304 if ok && patherr.Err == syscall.ENOSPC { 305 return false, err 306 } 307 } 308 if err == nil { 309 // Check if reading the directory's contents populates the d_type field, which is required 310 // for proper operation of the overlay filesystem. 311 supportsDType, err = fsutils.SupportsDType(layerDir) 312 if err != nil { 313 return false, err 314 } 315 if !supportsDType { 316 return false, overlayutils.ErrDTypeNotSupported("overlay", backingFs) 317 } 318 319 // Try a test mount in the specific location we're looking at using. 320 mergedDir := filepath.Join(layerDir, "merged") 321 lower1Dir := filepath.Join(layerDir, "lower1") 322 lower2Dir := filepath.Join(layerDir, "lower2") 323 upperDir := filepath.Join(layerDir, "upper") 324 workDir := filepath.Join(layerDir, "work") 325 defer func() { 326 // Permitted to fail, since the various subdirectories 327 // can be empty or not even there, and the home might 328 // legitimately be not empty 329 _ = unix.Unmount(mergedDir, unix.MNT_DETACH) 330 _ = os.RemoveAll(layerDir) 331 _ = os.Remove(home) 332 }() 333 _ = idtools.MkdirAs(mergedDir, 0700, rootUID, rootGID) 334 _ = idtools.MkdirAs(lower1Dir, 0700, rootUID, rootGID) 335 _ = idtools.MkdirAs(lower2Dir, 0700, rootUID, rootGID) 336 _ = idtools.MkdirAs(upperDir, 0700, rootUID, rootGID) 337 _ = idtools.MkdirAs(workDir, 0700, rootUID, rootGID) 338 flags := fmt.Sprintf("lowerdir=%s:%s,upperdir=%s,workdir=%s", lower1Dir, lower2Dir, upperDir, workDir) 339 if len(flags) < unix.Getpagesize() { 340 err := mountFrom(filepath.Dir(home), "overlay", mergedDir, "overlay", 0, flags) 341 if err == nil { 342 logrus.Debugf("overlay test mount with multiple lowers succeeded") 343 return supportsDType, nil 344 } else { 345 logrus.Debugf("overlay test mount with multiple lowers failed %v", err) 346 } 347 } 348 flags = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower1Dir, upperDir, workDir) 349 if len(flags) < unix.Getpagesize() { 350 err := mountFrom(filepath.Dir(home), "overlay", mergedDir, "overlay", 0, flags) 351 if err == nil { 352 logrus.Errorf("overlay test mount with multiple lowers failed, but succeeded with a single lower") 353 return supportsDType, errors.Wrap(graphdriver.ErrNotSupported, "kernel too old to provide multiple lowers feature for overlay") 354 } else { 355 logrus.Debugf("overlay test mount with a single lower failed %v", err) 356 } 357 } 358 logrus.Errorf("'overlay' is not supported over %s at %q", backingFs, home) 359 return supportsDType, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s at %q", backingFs, home) 360 } 361 362 logrus.Error("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.") 363 return supportsDType, errors.Wrap(graphdriver.ErrNotSupported, "'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.") 364 } 365 366 func (d *Driver) useNaiveDiff() bool { 367 useNaiveDiffLock.Do(func() { 368 if d.options.mountProgram != "" { 369 useNaiveDiffOnly = true 370 return 371 } 372 if err := doesSupportNativeDiff(d.home, d.options.mountOptions); err != nil { 373 logrus.Warnf("Not using native diff for overlay, this may cause degraded performance for building images: %v", err) 374 useNaiveDiffOnly = true 375 } 376 }) 377 return useNaiveDiffOnly 378 } 379 380 func (d *Driver) String() string { 381 return d.name 382 } 383 384 // Status returns current driver information in a two dimensional string array. 385 // Output contains "Backing Filesystem" used in this implementation. 386 func (d *Driver) Status() [][2]string { 387 return [][2]string{ 388 {"Backing Filesystem", backingFs}, 389 {"Supports d_type", strconv.FormatBool(d.supportsDType)}, 390 {"Native Overlay Diff", strconv.FormatBool(!d.useNaiveDiff())}, 391 {"Using metacopy", strconv.FormatBool(d.usingMetacopy)}, 392 } 393 } 394 395 // Metadata returns meta data about the overlay driver such as 396 // LowerDir, UpperDir, WorkDir and MergeDir used to store data. 397 func (d *Driver) Metadata(id string) (map[string]string, error) { 398 dir := d.dir(id) 399 if _, err := os.Stat(dir); err != nil { 400 return nil, err 401 } 402 403 metadata := map[string]string{ 404 "WorkDir": path.Join(dir, "work"), 405 "MergedDir": path.Join(dir, "merged"), 406 "UpperDir": path.Join(dir, "diff"), 407 } 408 409 lowerDirs, err := d.getLowerDirs(id) 410 if err != nil { 411 return nil, err 412 } 413 if len(lowerDirs) > 0 { 414 metadata["LowerDir"] = strings.Join(lowerDirs, ":") 415 } 416 417 return metadata, nil 418 } 419 420 // Cleanup any state created by overlay which should be cleaned when daemon 421 // is being shutdown. For now, we just have to unmount the bind mounted 422 // we had created. 423 func (d *Driver) Cleanup() error { 424 return mount.Unmount(d.home) 425 } 426 427 // CreateFromTemplate creates a layer with the same contents and parent as another layer. 428 func (d *Driver) CreateFromTemplate(id, template string, templateIDMappings *idtools.IDMappings, parent string, parentIDMappings *idtools.IDMappings, opts *graphdriver.CreateOpts, readWrite bool) error { 429 if readWrite { 430 return d.CreateReadWrite(id, template, opts) 431 } 432 return d.Create(id, template, opts) 433 } 434 435 // CreateReadWrite creates a layer that is writable for use as a container 436 // file system. 437 func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error { 438 if opts != nil && len(opts.StorageOpt) != 0 && !projectQuotaSupported { 439 return fmt.Errorf("--storage-opt is supported only for overlay over xfs with 'pquota' mount option") 440 } 441 442 if opts == nil { 443 opts = &graphdriver.CreateOpts{ 444 StorageOpt: map[string]string{}, 445 } 446 } 447 448 if _, ok := opts.StorageOpt["size"]; !ok { 449 if opts.StorageOpt == nil { 450 opts.StorageOpt = map[string]string{} 451 } 452 opts.StorageOpt["size"] = strconv.FormatUint(d.options.quota.Size, 10) 453 } 454 455 return d.create(id, parent, opts) 456 } 457 458 // Create is used to create the upper, lower, and merge directories required for overlay fs for a given id. 459 // The parent filesystem is used to configure these directories for the overlay. 460 func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) { 461 if opts != nil && len(opts.StorageOpt) != 0 { 462 if _, ok := opts.StorageOpt["size"]; ok { 463 return fmt.Errorf("--storage-opt size is only supported for ReadWrite Layers") 464 } 465 } 466 467 if d.options.ostreeRepo != "" { 468 d.convert[id] = true 469 } 470 471 return d.create(id, parent, opts) 472 } 473 474 func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) { 475 dir := d.dir(id) 476 477 uidMaps := d.uidMaps 478 gidMaps := d.gidMaps 479 480 if opts != nil && opts.IDMappings != nil { 481 uidMaps = opts.IDMappings.UIDs() 482 gidMaps = opts.IDMappings.GIDs() 483 } 484 485 rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) 486 if err != nil { 487 return err 488 } 489 // Make the link directory if it does not exist 490 if err := idtools.MkdirAllAs(path.Join(d.home, linkDir), 0700, rootUID, rootGID); err != nil && !os.IsExist(err) { 491 return err 492 } 493 if err := idtools.MkdirAllAs(path.Dir(dir), 0700, rootUID, rootGID); err != nil { 494 return err 495 } 496 if parent != "" { 497 st, err := system.Stat(d.dir(parent)) 498 if err != nil { 499 return err 500 } 501 rootUID = int(st.UID()) 502 rootGID = int(st.GID()) 503 } 504 if err := idtools.MkdirAs(dir, 0700, rootUID, rootGID); err != nil { 505 return err 506 } 507 508 defer func() { 509 // Clean up on failure 510 if retErr != nil { 511 os.RemoveAll(dir) 512 } 513 }() 514 515 if opts != nil && len(opts.StorageOpt) > 0 { 516 driver := &Driver{} 517 if err := d.parseStorageOpt(opts.StorageOpt, driver); err != nil { 518 return err 519 } 520 521 if driver.options.quota.Size > 0 { 522 // Set container disk quota limit 523 if err := d.quotaCtl.SetQuota(dir, driver.options.quota); err != nil { 524 return err 525 } 526 } 527 } 528 529 if err := idtools.MkdirAs(path.Join(dir, "diff"), 0755, rootUID, rootGID); err != nil { 530 return err 531 } 532 533 lid := generateID(idLength) 534 if err := os.Symlink(path.Join("..", id, "diff"), path.Join(d.home, linkDir, lid)); err != nil { 535 return err 536 } 537 538 // Write link id to link file 539 if err := ioutil.WriteFile(path.Join(dir, "link"), []byte(lid), 0644); err != nil { 540 return err 541 } 542 543 if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil { 544 return err 545 } 546 if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil { 547 return err 548 } 549 550 // if no parent directory, create a dummy lower directory and skip writing a "lowers" file 551 if parent == "" { 552 return idtools.MkdirAs(path.Join(dir, "empty"), 0700, rootUID, rootGID) 553 } 554 555 lower, err := d.getLower(parent) 556 if err != nil { 557 return err 558 } 559 if lower != "" { 560 if err := ioutil.WriteFile(path.Join(dir, lowerFile), []byte(lower), 0666); err != nil { 561 return err 562 } 563 } 564 565 return nil 566 } 567 568 // Parse overlay storage options 569 func (d *Driver) parseStorageOpt(storageOpt map[string]string, driver *Driver) error { 570 // Read size to set the disk project quota per container 571 for key, val := range storageOpt { 572 key := strings.ToLower(key) 573 switch key { 574 case "size": 575 size, err := units.RAMInBytes(val) 576 if err != nil { 577 return err 578 } 579 driver.options.quota.Size = uint64(size) 580 default: 581 return fmt.Errorf("Unknown option %s", key) 582 } 583 } 584 585 return nil 586 } 587 588 func (d *Driver) getLower(parent string) (string, error) { 589 parentDir := d.dir(parent) 590 591 // Ensure parent exists 592 if _, err := os.Lstat(parentDir); err != nil { 593 return "", err 594 } 595 596 // Read Parent link fileA 597 parentLink, err := ioutil.ReadFile(path.Join(parentDir, "link")) 598 if err != nil { 599 return "", err 600 } 601 lowers := []string{path.Join(linkDir, string(parentLink))} 602 603 parentLower, err := ioutil.ReadFile(path.Join(parentDir, lowerFile)) 604 if err == nil { 605 parentLowers := strings.Split(string(parentLower), ":") 606 lowers = append(lowers, parentLowers...) 607 } 608 if len(lowers) > maxDepth { 609 return "", errors.New("max depth exceeded") 610 } 611 return strings.Join(lowers, ":"), nil 612 } 613 614 func (d *Driver) dir(id string) string { 615 newpath := path.Join(d.home, id) 616 if _, err := os.Stat(newpath); err != nil { 617 for _, p := range d.AdditionalImageStores() { 618 l := path.Join(p, d.name, id) 619 _, err = os.Stat(l) 620 if err == nil { 621 return l 622 } 623 } 624 } 625 return newpath 626 } 627 628 func (d *Driver) getLowerDirs(id string) ([]string, error) { 629 var lowersArray []string 630 lowers, err := ioutil.ReadFile(path.Join(d.dir(id), lowerFile)) 631 if err == nil { 632 for _, s := range strings.Split(string(lowers), ":") { 633 lower := d.dir(s) 634 lp, err := os.Readlink(lower) 635 if err != nil { 636 return nil, err 637 } 638 lowersArray = append(lowersArray, path.Clean(d.dir(path.Join("link", lp)))) 639 } 640 } else if !os.IsNotExist(err) { 641 return nil, err 642 } 643 return lowersArray, nil 644 } 645 646 func (d *Driver) optsAppendMappings(opts string, uidMaps, gidMaps []idtools.IDMap) string { 647 if uidMaps == nil { 648 uidMaps = d.uidMaps 649 } 650 if gidMaps == nil { 651 gidMaps = d.gidMaps 652 } 653 if uidMaps != nil { 654 var uids, gids bytes.Buffer 655 for _, i := range uidMaps { 656 if uids.Len() > 0 { 657 uids.WriteString(":") 658 } 659 uids.WriteString(fmt.Sprintf("%d:%d:%d", i.ContainerID, i.HostID, i.Size)) 660 } 661 for _, i := range gidMaps { 662 if gids.Len() > 0 { 663 gids.WriteString(":") 664 } 665 gids.WriteString(fmt.Sprintf("%d:%d:%d", i.ContainerID, i.HostID, i.Size)) 666 } 667 return fmt.Sprintf("%s,uidmapping=%s,gidmapping=%s", opts, uids.String(), gids.String()) 668 } 669 return opts 670 } 671 672 // Remove cleans the directories that are created for this id. 673 func (d *Driver) Remove(id string) error { 674 d.locker.Lock(id) 675 defer d.locker.Unlock(id) 676 677 // Ignore errors, we don't want to fail if the ostree branch doesn't exist, 678 if d.options.ostreeRepo != "" { 679 ostree.DeleteOSTree(d.options.ostreeRepo, id) 680 } 681 682 dir := d.dir(id) 683 lid, err := ioutil.ReadFile(path.Join(dir, "link")) 684 if err == nil { 685 if err := os.RemoveAll(path.Join(d.home, linkDir, string(lid))); err != nil { 686 logrus.Debugf("Failed to remove link: %v", err) 687 } 688 } 689 690 if err := system.EnsureRemoveAll(dir); err != nil && !os.IsNotExist(err) { 691 return err 692 } 693 return nil 694 } 695 696 // recreateSymlinks goes through the driver's home directory and checks if the diff directory 697 // under each layer has a symlink created for it under the linkDir. If the symlink does not 698 // exist, it creates them 699 func (d *Driver) recreateSymlinks() error { 700 // List all the directories under the home directory 701 dirs, err := ioutil.ReadDir(d.home) 702 if err != nil { 703 return fmt.Errorf("error reading driver home directory %q: %v", d.home, err) 704 } 705 // This makes the link directory if it doesn't exist 706 rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) 707 if err != nil { 708 return err 709 } 710 if err := idtools.MkdirAllAs(path.Join(d.home, linkDir), 0700, rootUID, rootGID); err != nil && !os.IsExist(err) { 711 return err 712 } 713 for _, dir := range dirs { 714 // Skip over the linkDir and anything that is not a directory 715 if dir.Name() == linkDir || !dir.Mode().IsDir() { 716 continue 717 } 718 // Read the "link" file under each layer to get the name of the symlink 719 data, err := ioutil.ReadFile(path.Join(d.dir(dir.Name()), "link")) 720 if err != nil { 721 return fmt.Errorf("error reading name of symlink for %q: %v", dir, err) 722 } 723 linkPath := path.Join(d.home, linkDir, strings.Trim(string(data), "\n")) 724 // Check if the symlink exists, and if it doesn't create it again with the name we 725 // got from the "link" file 726 _, err = os.Stat(linkPath) 727 if err != nil && os.IsNotExist(err) { 728 if err := os.Symlink(path.Join("..", dir.Name(), "diff"), linkPath); err != nil { 729 return err 730 } 731 } else if err != nil { 732 return fmt.Errorf("error trying to stat %q: %v", linkPath, err) 733 } 734 } 735 return nil 736 } 737 738 // Get creates and mounts the required file system for the given id and returns the mount path. 739 func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) { 740 return d.get(id, false, options) 741 } 742 743 func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountOpts) (_ string, retErr error) { 744 d.locker.Lock(id) 745 defer d.locker.Unlock(id) 746 dir := d.dir(id) 747 if _, err := os.Stat(dir); err != nil { 748 return "", err 749 } 750 751 diffDir := path.Join(dir, "diff") 752 lowers, err := ioutil.ReadFile(path.Join(dir, lowerFile)) 753 if err != nil && !os.IsNotExist(err) { 754 return "", err 755 } 756 757 // absLowers is the list of lowers as absolute paths, which works well with additional stores. 758 absLowers := []string{} 759 // relLowers is the list of lowers as paths relative to the driver's home directory. 760 relLowers := []string{} 761 762 // Check if $link/../diff{1-*} exist. If they do, add them, in order, as the front of the lowers 763 // lists that we're building. "diff" itself is the upper, so it won't be in the lists. 764 link, err := ioutil.ReadFile(path.Join(dir, "link")) 765 if err != nil { 766 return "", err 767 } 768 diffN := 1 769 _, err = os.Stat(filepath.Join(dir, nameWithSuffix("diff", diffN))) 770 for err == nil { 771 absLowers = append(absLowers, filepath.Join(dir, nameWithSuffix("diff", diffN))) 772 relLowers = append(relLowers, dumbJoin(string(link), "..", nameWithSuffix("diff", diffN))) 773 diffN++ 774 _, err = os.Stat(filepath.Join(dir, nameWithSuffix("diff", diffN))) 775 } 776 777 // For each lower, resolve its path, and append it and any additional diffN 778 // directories to the lowers list. 779 for _, l := range strings.Split(string(lowers), ":") { 780 if l == "" { 781 continue 782 } 783 lower := "" 784 newpath := path.Join(d.home, l) 785 if _, err := os.Stat(newpath); err != nil { 786 for _, p := range d.AdditionalImageStores() { 787 lower = path.Join(p, d.name, l) 788 if _, err2 := os.Stat(lower); err2 == nil { 789 break 790 } 791 lower = "" 792 } 793 // if it is a "not found" error, that means the symlinks were lost in a sudden reboot 794 // so call the recreateSymlinks function to go through all the layer dirs and recreate 795 // the symlinks with the name from their respective "link" files 796 if lower == "" && os.IsNotExist(err) { 797 logrus.Warnf("Can't stat lower layer %q because it does not exist. Going through storage to recreate the missing symlinks.", newpath) 798 if err := d.recreateSymlinks(); err != nil { 799 return "", fmt.Errorf("error recreating the missing symlinks: %v", err) 800 } 801 lower = newpath 802 } else if lower == "" { 803 return "", fmt.Errorf("Can't stat lower layer %q: %v", newpath, err) 804 } 805 } else { 806 lower = newpath 807 } 808 absLowers = append(absLowers, lower) 809 relLowers = append(relLowers, l) 810 diffN = 1 811 _, err = os.Stat(dumbJoin(lower, "..", nameWithSuffix("diff", diffN))) 812 for err == nil { 813 absLowers = append(absLowers, dumbJoin(lower, "..", nameWithSuffix("diff", diffN))) 814 relLowers = append(relLowers, dumbJoin(l, "..", nameWithSuffix("diff", diffN))) 815 diffN++ 816 _, err = os.Stat(dumbJoin(lower, "..", nameWithSuffix("diff", diffN))) 817 } 818 } 819 820 // If the lowers list is still empty, use an empty lower so that we can still force an 821 // SELinux context for the mount. 822 if len(absLowers) == 0 { 823 absLowers = append(absLowers, path.Join(dir, "empty")) 824 relLowers = append(relLowers, path.Join(id, "empty")) 825 } 826 827 mergedDir := path.Join(dir, "merged") 828 if count := d.ctr.Increment(mergedDir); count > 1 { 829 return mergedDir, nil 830 } 831 defer func() { 832 if retErr != nil { 833 if c := d.ctr.Decrement(mergedDir); c <= 0 { 834 if mntErr := unix.Unmount(mergedDir, 0); mntErr != nil { 835 logrus.Errorf("error unmounting %v: %v", mergedDir, mntErr) 836 } 837 } 838 } 839 }() 840 841 workDir := path.Join(dir, "work") 842 opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(absLowers, ":"), diffDir, workDir) 843 if len(options.Options) > 0 { 844 opts = fmt.Sprintf("%s,%s", strings.Join(options.Options, ","), opts) 845 } else if d.options.mountOptions != "" { 846 opts = fmt.Sprintf("%s,%s", d.options.mountOptions, opts) 847 } 848 mountData := label.FormatMountLabel(opts, options.MountLabel) 849 mountFunc := unix.Mount 850 mountTarget := mergedDir 851 852 pageSize := unix.Getpagesize() 853 854 // Use relative paths and mountFrom when the mount data has exceeded 855 // the page size. The mount syscall fails if the mount data cannot 856 // fit within a page and relative links make the mount data much 857 // smaller at the expense of requiring a fork exec to chroot. 858 if d.options.mountProgram != "" { 859 mountFunc = func(source string, target string, mType string, flags uintptr, label string) error { 860 if !disableShifting { 861 label = d.optsAppendMappings(label, options.UidMaps, options.GidMaps) 862 } 863 864 mountProgram := exec.Command(d.options.mountProgram, "-o", label, target) 865 mountProgram.Dir = d.home 866 var b bytes.Buffer 867 mountProgram.Stderr = &b 868 err := mountProgram.Run() 869 if err != nil { 870 output := b.String() 871 if output == "" { 872 output = "<stderr empty>" 873 } 874 return errors.Wrapf(err, "using mount program %s: %s", d.options.mountProgram, output) 875 } 876 return nil 877 } 878 } else if len(mountData) > pageSize { 879 //FIXME: We need to figure out to get this to work with additional stores 880 opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(relLowers, ":"), path.Join(id, "diff"), path.Join(id, "work")) 881 mountData = label.FormatMountLabel(opts, options.MountLabel) 882 if len(mountData) > pageSize { 883 return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData)) 884 } 885 mountFunc = func(source string, target string, mType string, flags uintptr, label string) error { 886 return mountFrom(d.home, source, target, mType, flags, label) 887 } 888 mountTarget = path.Join(id, "merged") 889 } 890 flags, data := mount.ParseOptions(mountData) 891 logrus.Debugf("overlay: mount_data=%s", mountData) 892 if err := mountFunc("overlay", mountTarget, "overlay", uintptr(flags), data); err != nil { 893 return "", fmt.Errorf("error creating overlay mount to %s: %v", mountTarget, err) 894 } 895 896 // chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a 897 // user namespace requires this to move a directory from lower to upper. 898 rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) 899 if err != nil { 900 return "", err 901 } 902 903 if err := os.Chown(path.Join(workDir, "work"), rootUID, rootGID); err != nil { 904 return "", err 905 } 906 907 return mergedDir, nil 908 } 909 910 // Put unmounts the mount path created for the give id. 911 func (d *Driver) Put(id string) error { 912 d.locker.Lock(id) 913 defer d.locker.Unlock(id) 914 dir := d.dir(id) 915 if _, err := os.Stat(dir); err != nil { 916 return err 917 } 918 mountpoint := path.Join(d.dir(id), "merged") 919 if count := d.ctr.Decrement(mountpoint); count > 0 { 920 return nil 921 } 922 if _, err := ioutil.ReadFile(path.Join(dir, lowerFile)); err != nil && !os.IsNotExist(err) { 923 return err 924 } 925 if err := unix.Unmount(mountpoint, unix.MNT_DETACH); err != nil { 926 logrus.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err) 927 } 928 return nil 929 } 930 931 // Exists checks to see if the id is already mounted. 932 func (d *Driver) Exists(id string) bool { 933 _, err := os.Stat(d.dir(id)) 934 return err == nil 935 } 936 937 // isParent returns if the passed in parent is the direct parent of the passed in layer 938 func (d *Driver) isParent(id, parent string) bool { 939 lowers, err := d.getLowerDirs(id) 940 if err != nil { 941 return false 942 } 943 if parent == "" && len(lowers) > 0 { 944 return false 945 } 946 947 parentDir := d.dir(parent) 948 var ld string 949 if len(lowers) > 0 { 950 ld = filepath.Dir(lowers[0]) 951 } 952 if ld == "" && parent == "" { 953 return true 954 } 955 return ld == parentDir 956 } 957 958 func (d *Driver) getWhiteoutFormat() archive.WhiteoutFormat { 959 whiteoutFormat := archive.OverlayWhiteoutFormat 960 if d.options.mountProgram != "" { 961 // If we are using a mount program, we are most likely running 962 // as an unprivileged user that cannot use mknod, so fallback to the 963 // AUFS whiteout format. 964 whiteoutFormat = archive.AUFSWhiteoutFormat 965 } 966 return whiteoutFormat 967 } 968 969 // ApplyDiff applies the new layer into a root 970 func (d *Driver) ApplyDiff(id string, idMappings *idtools.IDMappings, parent string, mountLabel string, diff io.Reader) (size int64, err error) { 971 if !d.isParent(id, parent) { 972 return d.naiveDiff.ApplyDiff(id, idMappings, parent, mountLabel, diff) 973 } 974 975 if idMappings == nil { 976 idMappings = &idtools.IDMappings{} 977 } 978 979 applyDir := d.getDiffPath(id) 980 981 logrus.Debugf("Applying tar in %s", applyDir) 982 // Overlay doesn't need the parent id to apply the diff 983 if err := untar(diff, applyDir, &archive.TarOptions{ 984 UIDMaps: idMappings.UIDs(), 985 GIDMaps: idMappings.GIDs(), 986 WhiteoutFormat: d.getWhiteoutFormat(), 987 InUserNS: rsystem.RunningInUserNS(), 988 }); err != nil { 989 return 0, err 990 } 991 992 _, convert := d.convert[id] 993 if convert { 994 if err := ostree.ConvertToOSTree(d.options.ostreeRepo, applyDir, id); err != nil { 995 return 0, err 996 } 997 } 998 999 return directory.Size(applyDir) 1000 } 1001 1002 func (d *Driver) getDiffPath(id string) string { 1003 dir := d.dir(id) 1004 1005 return path.Join(dir, "diff") 1006 } 1007 1008 // DiffSize calculates the changes between the specified id 1009 // and its parent and returns the size in bytes of the changes 1010 // relative to its base filesystem directory. 1011 func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent string, parentMappings *idtools.IDMappings, mountLabel string) (size int64, err error) { 1012 if d.useNaiveDiff() || !d.isParent(id, parent) { 1013 return d.naiveDiff.DiffSize(id, idMappings, parent, parentMappings, mountLabel) 1014 } 1015 return directory.Size(d.getDiffPath(id)) 1016 } 1017 1018 // Diff produces an archive of the changes between the specified 1019 // layer and its parent layer which may be "". 1020 func (d *Driver) Diff(id string, idMappings *idtools.IDMappings, parent string, parentMappings *idtools.IDMappings, mountLabel string) (io.ReadCloser, error) { 1021 if d.useNaiveDiff() || !d.isParent(id, parent) { 1022 return d.naiveDiff.Diff(id, idMappings, parent, parentMappings, mountLabel) 1023 } 1024 1025 if idMappings == nil { 1026 idMappings = &idtools.IDMappings{} 1027 } 1028 1029 lowerDirs, err := d.getLowerDirs(id) 1030 if err != nil { 1031 return nil, err 1032 } 1033 1034 diffPath := d.getDiffPath(id) 1035 logrus.Debugf("Tar with options on %s", diffPath) 1036 return archive.TarWithOptions(diffPath, &archive.TarOptions{ 1037 Compression: archive.Uncompressed, 1038 UIDMaps: idMappings.UIDs(), 1039 GIDMaps: idMappings.GIDs(), 1040 WhiteoutFormat: d.getWhiteoutFormat(), 1041 WhiteoutData: lowerDirs, 1042 }) 1043 } 1044 1045 // Changes produces a list of changes between the specified layer 1046 // and its parent layer. If parent is "", then all changes will be ADD changes. 1047 func (d *Driver) Changes(id string, idMappings *idtools.IDMappings, parent string, parentMappings *idtools.IDMappings, mountLabel string) ([]archive.Change, error) { 1048 if d.useNaiveDiff() || !d.isParent(id, parent) { 1049 return d.naiveDiff.Changes(id, idMappings, parent, parentMappings, mountLabel) 1050 } 1051 // Overlay doesn't have snapshots, so we need to get changes from all parent 1052 // layers. 1053 diffPath := d.getDiffPath(id) 1054 layers, err := d.getLowerDirs(id) 1055 if err != nil { 1056 return nil, err 1057 } 1058 1059 return archive.OverlayChanges(layers, diffPath) 1060 } 1061 1062 // AdditionalImageStores returns additional image stores supported by the driver 1063 func (d *Driver) AdditionalImageStores() []string { 1064 return d.options.imageStores 1065 } 1066 1067 // UpdateLayerIDMap updates ID mappings in a from matching the ones specified 1068 // by toContainer to those specified by toHost. 1069 func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error { 1070 var err error 1071 dir := d.dir(id) 1072 diffDir := filepath.Join(dir, "diff") 1073 1074 rootUID, rootGID := 0, 0 1075 if toHost != nil { 1076 rootUID, rootGID, err = idtools.GetRootUIDGID(toHost.UIDs(), toHost.GIDs()) 1077 if err != nil { 1078 return err 1079 } 1080 } 1081 1082 // Mount the new layer and handle ownership changes and possible copy_ups in it. 1083 options := graphdriver.MountOpts{ 1084 MountLabel: mountLabel, 1085 Options: strings.Split(d.options.mountOptions, ","), 1086 } 1087 layerFs, err := d.get(id, true, options) 1088 if err != nil { 1089 return err 1090 } 1091 err = graphdriver.ChownPathByMaps(layerFs, toContainer, toHost) 1092 if err != nil { 1093 if err2 := d.Put(id); err2 != nil { 1094 logrus.Errorf("%v; error unmounting %v: %v", err, id, err2) 1095 } 1096 return err 1097 } 1098 if err = d.Put(id); err != nil { 1099 return err 1100 } 1101 1102 // Rotate the diff directories. 1103 i := 0 1104 _, err = os.Stat(nameWithSuffix(diffDir, i)) 1105 for err == nil { 1106 i++ 1107 _, err = os.Stat(nameWithSuffix(diffDir, i)) 1108 } 1109 for i > 0 { 1110 err = os.Rename(nameWithSuffix(diffDir, i-1), nameWithSuffix(diffDir, i)) 1111 if err != nil { 1112 return err 1113 } 1114 i-- 1115 } 1116 1117 // Re-create the directory that we're going to use as the upper layer. 1118 if err := idtools.MkdirAs(diffDir, 0755, rootUID, rootGID); err != nil { 1119 return err 1120 } 1121 return nil 1122 } 1123 1124 // SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS 1125 func (d *Driver) SupportsShifting() bool { 1126 if os.Getenv("_TEST_FORCE_SUPPORT_SHIFTING") == "yes-please" { 1127 return true 1128 } 1129 return d.options.mountProgram != "" 1130 } 1131 1132 // dumbJoin is more or less a dumber version of filepath.Join, but one which 1133 // won't Clean() the path, allowing us to append ".." as a component and trust 1134 // pathname resolution to do some non-obvious work. 1135 func dumbJoin(names ...string) string { 1136 if len(names) == 0 { 1137 return string(os.PathSeparator) 1138 } 1139 return strings.Join(names, string(os.PathSeparator)) 1140 } 1141 1142 func nameWithSuffix(name string, number int) string { 1143 if number == 0 { 1144 return name 1145 } 1146 return fmt.Sprintf("%s%d", name, number) 1147 }