From 57f870eebeff1235a7cccd5310fadbd7f2dce5de Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 16 Aug 2022 12:01:21 +0200
Subject: [PATCH 1/2] overlay: do not clone source recursively

do not clone the source directory in recursive mode (the equivalent of MS_BIND|MS_RECURSIVE) but use only a regular bind mount. If not recursive bind mount is used then the existing overlay mounts are not replicated. In this way a new idmapped mount won't need to map the overlay mount as well, causing the mount_settattr(2) syscall to fail with EINVAL since it is not possible to idmap an overlay mount yet.
Closes: https://github.com/containers/storage/issues/1308
Signed-off-by: Giuseppe Scrivano
---
 drivers/overlay/idmapped_utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/overlay/idmapped_utils.go b/drivers/overlay/idmapped_utils.go
index 30423e363a..3b430b1fff 100644
--- a/drivers/overlay/idmapped_utils.go
+++ b/drivers/overlay/idmapped_utils.go
@@ -105,7 +105,7 @@ func createIDMappedMount(source, target string, pid int) error {
 defer userNsFile.Close()
- targetDirFd, err := openTree(source, _OPEN_TREE_CLONE|unix.AT_RECURSIVE)
+ targetDirFd, err := openTree(source, _OPEN_TREE_CLONE)
 if err != nil {
 return err
 }

From b49ea12a66e7452d1ea220e9730755153f0a9939 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 17 Aug 2022 13:01:59 +0200
Subject: [PATCH 2/2] overlay: drop constants defined in unix pkg

remove some constants that are also defined in the unix package.
Signed-off-by: Giuseppe Scrivano
---
 drivers/overlay/idmapped_utils.go | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/drivers/overlay/idmapped_utils.go b/drivers/overlay/idmapped_utils.go
index 3b430b1fff..4b7b0db446 100644
--- a/drivers/overlay/idmapped_utils.go
+++ b/drivers/overlay/idmapped_utils.go
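Review bot: The `openTree(source, _OPEN_TREE_CLONE)` call in `createIDMappedMount` ([PATCH 1/2]) has no comment saying the non-recursive clone is deliberate, so a later cleanup could re-add `unix.AT_RECURSIVE` and bring back the EINVAL from mount_setattr(2) that the commit message describes. I would put `// Not AT_RECURSIVE: overlay submounts cannot be idmapped yet and would make mount_setattr(2) fail with EINVAL.` directly above the call. A non-recursive clone also leaves out any mount stacked below `source`, so the idmapped target presumably shows whatever sits in the underlying directories at those mountpoints; it is worth confirming that no caller expects nested mounts to appear there. The function starts before and continues after this hunk.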
@@ -21,17 +21,6 @@ type attr struct {
 userNs uint64
 }
-const (
- // _MOUNT_ATTR_IDMAP - Idmap mount to @userns_fd in struct mount_attr
- _MOUNT_ATTR_IDMAP = 0x00100000 //nolint:golint
-
- // _OPEN_TREE_CLONE - Clone the source path mount
- _OPEN_TREE_CLONE = 0x00000001 //nolint:golint
-
- // _MOVE_MOUNT_F_EMPTY_PATH - Move the path referenced by the fd
- _MOVE_MOUNT_F_EMPTY_PATH = 0x00000004 //nolint:golint
-)
-
 // openTree is a wrapper for the open_tree syscall
 func openTree(path string, flags int) (fd int, err error) {
 var _p0 *byte
@@ -61,7 +50,7 @@ func moveMount(fdTree int, target string) (err error) {
 return err
 }
- flags := _MOVE_MOUNT_F_EMPTY_PATH
+ flags := unix.MOVE_MOUNT_F_EMPTY_PATH
 _, _, e1 := syscall.Syscall6(uintptr(unix.SYS_MOVE_MOUNT), uintptr(fdTree), uintptr(unsafe.Pointer(_p1)),
@@ -98,14 +87,14 @@ func createIDMappedMount(source, target string, pid int) error {
 }
 var attr attr
- attr.attrSet = _MOUNT_ATTR_IDMAP
+ attr.attrSet = unix.MOUNT_ATTR_IDMAP
 attr.attrClr = 0
 attr.propagation = 0
 attr.userNs = uint64(userNsFile.Fd())
 defer userNsFile.Close()
- targetDirFd, err := openTree(source, _OPEN_TREE_CLONE)
+ targetDirFd, err := openTree(source, unix.OPEN_TREE_CLONE)
 if err != nil {
 return err
 }
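Review bot: In the last hunk, `openTree(source, unix.OPEN_TREE_CLONE)` asks for the detached mount fd without close-on-exec. Unless the `openTree` wrapper adds the flag itself (its body is not visible here), the fd can be inherited by any child process started while `createIDMappedMount` holds it. Now that the flags come from the unix package, the call could read `openTree(source, unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC)`. Whether `targetDirFd` is closed on every return path cannot be checked from this hunk, because the function body continues past its end.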