rootless: default to fuse-overlayfs when available #1726
/cc @dustymabe
@giuseppe: GitHub didn't allow me to request PR reviews from the following users: dustymabe. Note that only containers members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: rhatdan
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Does podman info report correctly?
@rhatdan should we change the default selinux policy to allow fuse from containers?
Is/will this be documented somewhere that the user can find?
yes, it is part of
this is the default value used when there is no configuration. It gets closer to "root containers" where we default to overlay. EDIT: I've updated the documentation to say the default is not changed when fuse-overlayfs is present
307bbe8 to 60b5900
Yes we will need to work on SELinux policy to allow container_t to use fusefs_t by default.
👍
We can fix this in a different PR, but this is broken,
docs/podman.1.md
Outdated
@@ -56,7 +56,7 @@ Path to the OCI compatible binary used to run containers | |||
|
|||
**--storage-driver, -s**=**value** | |||
|
|||
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for other users. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. | |||
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for other users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. |
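Review bot: The added clause "and is *vfs* for other users when *fuse-overlayfs* is not available" states only the fallback and never names the driver selected when fuse-overlayfs is available, so this paragraph alone does not tell a reader what the new rootless default is. Suggest stating both branches in the sentence: the driver used when fuse-overlayfs is found, then *vfs* otherwise.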
Suggestions: "for other users" -> "for non-root users"
fixed in a new version
60b5900 to 78aaad7
@@ -56,7 +56,7 @@ Path to the OCI compatible binary used to run containers | |||
|
|||
**--storage-driver, -s**=**value** | |||
|
|||
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for other users. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. | |||
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf (`$HOME/.config/containers/storage.conf` in rootless mode), and is *vfs* for non-root users when *fuse-overlayfs* is not available. The `STORAGE_DRIVER` environment variable overrides the default. The --storage-driver specified driver overrides all. |
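Review bot: The parenthetical "(`$HOME/.config/containers/storage.conf` in rootless mode)" sits inside the clause about UID 0, while the next clause gives a separate default "for non-root users", so the text does not say whether a rootless storage.conf or the fuse-overlayfs check decides the driver. Suggest splitting this into one sentence for root and one for rootless, and stating that a driver set in the rootless storage.conf takes precedence over the fuse-overlayfs/vfs default. The sentence also leaves "available" undefined; a short note on how availability is determined would let users predict which driver they get.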
👍 Thanks @giuseppe
LGTM assuming happy tests.
LGTM
bot, retest this please
bot, retest this please
I think we need a default nonroot-storage.conf file in /usr/share/containers/, this file should get copied to users homedir first time podman is run as non root. Not sure if there is a way to see if the user ever modified the file in his homedir.
78aaad7 to 6bd64d0
@giuseppe Please rebase to pick up CI fixes
6bd64d0 to 9025564
If fuse-overlayfs is present, rootless containers default to use it. This can still be overridden either via the command line with --storage-driver or in the ~/.config/containers/storage.conf configuration file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
9025564 to c7926aa
tests are passing
/lgtm
If fuse-overlayfs is present, rootless containers default to use it.
This can still be overridden either via the command line with
--storage-driver or in the ~/.config/containers/storage.conf
configuration file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
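
The selection order stated in the commit message and the documentation text above, written out as a check an administrator can run (added example, not code from this PR or from podman). The function names are hypothetical, and it assumes that "available" means an executable `fuse-overlayfs` on the search path, that the resulting driver is named `overlay`, and that storage.conf sets the driver with a top-level `driver = "..."` key.

```shell
#!/bin/sh
# Added example, not podman code. Assumptions: "available" means an executable
# named fuse-overlayfs in a PATH directory, the resulting driver is reported as
# "overlay", and storage.conf carries a top-level `driver = "..."` key.

# has_fuse_overlayfs SEARCH_PATH: succeed if any directory holds the helper.
has_fuse_overlayfs() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -x "${dir:-.}/fuse-overlayfs" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# conf_driver FILE: print the driver set in storage.conf, or nothing.
conf_driver() {
    [ -r "$1" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac
        key=${line%%=*}
        key=${key#"${key%%[! ]*}"}; key=${key%"${key##*[! ]}"}   # trim spaces
        [ "$key" = driver ] || continue
        val=${line#*=}
        val=${val#"${val%%[! ]*}"}; val=${val#\"}; val=${val%%\"*}
        printf '%s\n' "$val"
        return 0
    done < "$1"
    return 0
}

# resolve_rootless_driver CLI_VALUE CONF_FILE SEARCH_PATH
resolve_rootless_driver() {
    if [ -n "$1" ]; then echo "$1"; return 0; fi               # --storage-driver
    if [ -n "${STORAGE_DRIVER:-}" ]; then echo "$STORAGE_DRIVER"; return 0; fi
    from_conf=$(conf_driver "$2")
    if [ -n "$from_conf" ]; then echo "$from_conf"; return 0; fi
    if has_fuse_overlayfs "$3"; then echo overlay; else echo vfs; fi
}

# Stand-alone run: report what the current user's environment resolves to.
resolve_rootless_driver "" "${HOME:-/nonexistent}/.config/containers/storage.conf" "$PATH"
```

Comparing its output with what `podman info` reports, as asked in the thread, shows whether a host silently moved from *vfs* to the FUSE-backed driver after fuse-overlayfs was installed.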