overlayutils: Add fastpath for userxattr check

Cleaning up TODO's. If we're on >= 5.11 we need userxattr so check the kernel version to skip the manual check via mounting. It feels odd to use contrib/seccomp here but the alternative is pulling that kernel parsing code out into the main pkgs. Another is using the moby parser but that's in moby/moby which is also a dep we don't want here.. Signed-off-by: Danny Canter <danny@dcantah.dev>
dcantah · Nov 1, 2022 · 4b2a23e · 4b2a23e
1 parent 8167751
commit 4b2a23e
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/snapshots/overlay/overlayutils/check.go b/snapshots/overlay/overlayutils/check.go
@@ -24,6 +24,7 @@ import (
 	"os"
 	"path/filepath"
 
+	kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/pkg/userns"
@@ -113,10 +114,14 @@ func NeedsUserXAttr(d string) (bool, error) {
 		return false, nil
 	}
 
-	// TODO: add fast path for kernel >= 5.11 .
+	// Fast path on kernels >= 5.11
 	//
-	// Keep in mind that distro vendors might be going to backport the patch to older kernels.
-	// So we can't completely remove the check.
+	// Keep in mind that distro vendors might be going to backport the patch to older kernels
+	// so we can't completely remove the "slow path".
+	fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11}
+	if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok {
+		return true, nil
+	}
 
 	tdRoot := filepath.Join(d, "userxattr-check")
 	if err := os.RemoveAll(tdRoot); err != nil {