Merge pull request #3320 from brauner/2020-03-22/fixes

overlay: rewrite

Merge pull request #3320 from brauner/2020-03-22/fixes
cb47a5af · Stéphane Graber · GitHub · 7d2b8a6f · 27d79d0a · cb47a5af
Unverified Commit cb47a5af authored Mar 22, 2020 by Stéphane Graber Committed by GitHub Mar 22, 2020
24 changed files
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2795,8 +2795,8 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 /* Return the host uid/gid to which the container root is mapped in val.
 * Return true if id was found, false otherwise.
 */
-bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
-		       unsigned long *val)
+static bool get_mapped_rootid(const struct lxc_conf *conf, enum idtype idtype,
+			      unsigned long *val)
 {
 	unsigned nsid;
 	struct id_map *map;
@@ -2820,7 +2820,7 @@ bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
 	return false;
 }

-int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype)
+int mapped_hostid(unsigned id, const struct lxc_conf *conf, enum idtype idtype)
 {
 	struct id_map *map;
 	struct lxc_list *it;
@@ -2871,7 +2871,7 @@ int chown_mapped_root_exec_wrapper(void *args)
 * root is privileged with respect to hostuid/hostgid X, allowing
 * him to do the chown.
 */
-int chown_mapped_root(const char *path, struct lxc_conf *conf)
+int chown_mapped_root(const char *path, const struct lxc_conf *conf)
 {
 	uid_t rootuid, rootgid;
 	unsigned long val;

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -437,9 +437,9 @@ extern int lxc_setup(struct lxc_handler *handler);
 extern int lxc_setup_parent(struct lxc_handler *handler);
 extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
 extern int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype);
-extern int mapped_hostid(unsigned id, struct lxc_conf *conf,
+extern int mapped_hostid(unsigned id, const struct lxc_conf *conf,
 			 enum idtype idtype);
-extern int chown_mapped_root(const char *path, struct lxc_conf *conf);
+extern int chown_mapped_root(const char *path, const struct lxc_conf *conf);
 extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data,
 			 const char *fn_name);
 extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *),

--- a/src/lxc/list.h
+++ b/src/lxc/list.h
@@ -58,19 +58,19 @@ static inline void lxc_list_add_elem(struct lxc_list *list, void *elem)
 }

 /* Retrieve first element of list. */
-static inline void *lxc_list_first_elem(struct lxc_list *list)
+static inline void *lxc_list_first_elem(const struct lxc_list *list)
 {
 	return list->next->elem;
 }

 /* Retrieve last element of list. */
-static inline void *lxc_list_last_elem(struct lxc_list *list)
+static inline void *lxc_list_last_elem(const struct lxc_list *list)
 {
 	return list->prev->elem;
 }

 /* Determine if list is empty. */
-static inline int lxc_list_empty(struct lxc_list *list)
+static inline int lxc_list_empty(const struct lxc_list *list)
 {
 	return list == list->next;
 }

--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1275,7 +1275,7 @@ static struct lxc_storage *do_storage_create(struct lxc_container *c,
 	if (ret < 0 || (size_t)ret >= len)
 		return NULL;

-	bdev = storage_create(dest, type, c->name, specs);
+	bdev = storage_create(dest, type, c->name, specs, c->lxc_conf);
 	if (!bdev) {
 		ERROR("Failed to create \"%s\" storage", type);
 		return NULL;
@@ -1290,8 +1290,7 @@ static struct lxc_storage *do_storage_create(struct lxc_container *c,
 	/* If we are not root, chown the rootfs dir to root in the target user
 	 * namespace.
 	 */
-	ret = geteuid();
-	if (ret != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) {
+	if (am_guest_unpriv() || !lxc_list_empty(&c->lxc_conf->id_map)) {
 		ret = chown_mapped_root(bdev->dest, c->lxc_conf);
 		if (ret < 0) {
 			ERROR("Error chowning \"%s\" to container root", bdev->dest);

--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -906,7 +906,7 @@ int btrfs_destroy(struct lxc_storage *orig)
 }

 int btrfs_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		 struct bdev_specs *specs)
+		 struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	int ret;
 	size_t len;

--- a/src/lxc/storage/btrfs.h
+++ b/src/lxc/storage/btrfs.h
@@ -366,8 +366,8 @@ extern int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			    const char *oldname, const char *cname,
 			    const char *oldpath, const char *lxcpath, int snap,
 			    uint64_t newsize, struct lxc_conf *conf);
-extern int btrfs_create(struct lxc_storage *bdev, const char *dest,
-			const char *n, struct bdev_specs *specs);
+extern int btrfs_create(struct lxc_storage *bdev, const char *dest, const char *n,
+			struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int btrfs_destroy(struct lxc_storage *orig);
 extern bool btrfs_detect(const char *path);
 extern int btrfs_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/dir.c
+++ b/src/lxc/storage/dir.c
@@ -58,7 +58,7 @@ int dir_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 }

 int dir_create(struct lxc_storage *bdev, const char *dest, const char *n,
-	       struct bdev_specs *specs)
+	       struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	int ret;
 	const char *src;

--- a/src/lxc/storage/dir.h
+++ b/src/lxc/storage/dir.h
@@ -17,7 +17,7 @@ extern int dir_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  const char *oldpath, const char *lxcpath, int snap,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int dir_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int dir_destroy(struct lxc_storage *orig);
 extern bool dir_detect(const char *path);
 extern int dir_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/loop.c
+++ b/src/lxc/storage/loop.c
@@ -114,7 +114,7 @@ int loop_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 }

 int loop_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		struct bdev_specs *specs)
+		struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	__do_free char *srcdev = NULL;
 	const char *fstype;

--- a/src/lxc/storage/loop.h
+++ b/src/lxc/storage/loop.h
@@ -17,7 +17,7 @@ extern int loop_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			   const char *oldpath, const char *lxcpath, int snap,
 			   uint64_t newsize, struct lxc_conf *conf);
 extern int loop_create(struct lxc_storage *bdev, const char *dest,
-		       const char *n, struct bdev_specs *specs);
+		       const char *n, struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int loop_destroy(struct lxc_storage *orig);
 extern bool loop_detect(const char *path);
 extern int loop_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/lvm.c
+++ b/src/lxc/storage/lvm.c
@@ -609,7 +609,7 @@ int lvm_destroy(struct lxc_storage *orig)
 }

 int lvm_create(struct lxc_storage *bdev, const char *dest, const char *n,
-	       struct bdev_specs *specs)
+	       struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	const char *vg, *thinpool, *fstype, *lv = n;
 	uint64_t sz;

--- a/src/lxc/storage/lvm.h
+++ b/src/lxc/storage/lvm.h
@@ -24,7 +24,7 @@ extern int lvm_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int lvm_destroy(struct lxc_storage *orig);
 extern int lvm_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern bool lvm_create_clone(struct lxc_conf *conf, struct lxc_storage *orig,
 			     struct lxc_storage *new, uint64_t newsize);
 extern bool lvm_create_snapshot(struct lxc_conf *conf, struct lxc_storage *orig,

--- a/src/lxc/storage/nbd.c
+++ b/src/lxc/storage/nbd.c
@@ -91,7 +91,7 @@ int nbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 }

 int nbd_create(struct lxc_storage *bdev, const char *dest, const char *n,
-	       struct bdev_specs *specs)
+	       struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	return -ENOSYS;
 }

--- a/src/lxc/storage/nbd.h
+++ b/src/lxc/storage/nbd.h
@@ -17,7 +17,7 @@ extern int nbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  const char *oldpath, const char *lxcpath, int snap,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int nbd_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int nbd_destroy(struct lxc_storage *orig);
 extern bool nbd_detect(const char *path);
 extern int nbd_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
--- a/src/lxc/storage/overlay.h
+++ b/src/lxc/storage/overlay.h
@@ -25,7 +25,7 @@ extern int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  const char *oldpath, const char *lxcpath, int snap,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int ovl_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int ovl_destroy(struct lxc_storage *orig);
 extern bool ovl_detect(const char *path);
 extern int ovl_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/rbd.c
+++ b/src/lxc/storage/rbd.c
@@ -77,7 +77,7 @@ int rbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 }

 int rbd_create(struct lxc_storage *bdev, const char *dest, const char *n,
-	       struct bdev_specs *specs)
+	       struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	const char *rbdpool, *fstype;
 	uint64_t size;

--- a/src/lxc/storage/rbd.h
+++ b/src/lxc/storage/rbd.h
@@ -17,7 +17,7 @@ extern int rbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  const char *oldpath, const char *lxcpath, int snap,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int rbd_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int rbd_destroy(struct lxc_storage *orig);
 extern bool rbd_detect(const char *path);
 extern int rbd_mount(struct lxc_storage *bdev);

--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -259,7 +259,8 @@ struct lxc_storage *storage_get(const char *type)

 static struct lxc_storage *do_storage_create(const char *dest, const char *type,
 					     const char *cname,
-					     struct bdev_specs *specs)
+					     struct bdev_specs *specs,
+					     const struct lxc_conf *conf)
 {
 	int ret;
 	struct lxc_storage *bdev;
@@ -271,7 +272,7 @@ static struct lxc_storage *do_storage_create(const char *dest, const char *type,
 	if (!bdev)
 		return NULL;

-	ret = bdev->ops->create(bdev, dest, cname, specs);
+	ret = bdev->ops->create(bdev, dest, cname, specs, conf);
 	if (ret < 0) {
 		storage_put(bdev);
 		return NULL;
@@ -521,14 +522,15 @@ on_error_put_orig:
 * @specs: details about the backing store to create, like fstype
 */
 struct lxc_storage *storage_create(const char *dest, const char *type,
-				   const char *cname, struct bdev_specs *specs)
+				   const char *cname, struct bdev_specs *specs,
+				   const struct lxc_conf *conf)
 {
 	int ret;
 	struct lxc_storage *bdev;
 	char *best_options[] = {"btrfs", "zfs", "lvm", "dir", "rbd", NULL};

 	if (!type)
-		return do_storage_create(dest, "dir", cname, specs);
+		return do_storage_create(dest, "dir", cname, specs, conf);

 	ret = strcmp(type, "best");
 	if (ret == 0) {
@@ -537,7 +539,7 @@ struct lxc_storage *storage_create(const char *dest, const char *type,
 		 * opinionated preferences.
 		 */
 		for (i = 0; best_options[i]; i++) {
-			bdev = do_storage_create(dest, best_options[i], cname, specs);
+			bdev = do_storage_create(dest, best_options[i], cname, specs, conf);
 			if (bdev)
 				return bdev;
 		}
@@ -552,13 +554,13 @@ struct lxc_storage *storage_create(const char *dest, const char *type,

 		dup = must_copy_string(type);
 		lxc_iterate_parts(token, dup, ",") {
-			bdev = do_storage_create(dest, token, cname, specs);
+			bdev = do_storage_create(dest, token, cname, specs, conf);
 			if (bdev)
 				return bdev;
 		}
 	}

-	return do_storage_create(dest, type, cname, specs);
+	return do_storage_create(dest, type, cname, specs, conf);
 }

 bool storage_destroy(struct lxc_conf *conf)

--- a/src/lxc/storage/storage.h
+++ b/src/lxc/storage/storage.h
@@ -54,7 +54,7 @@ struct lxc_storage_ops {
 	int (*umount)(struct lxc_storage *bdev);
 	int (*destroy)(struct lxc_storage *bdev);
 	int (*create)(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 	/* given original mount, rename the paths for cloned container */
 	int (*clone_paths)(struct lxc_storage *orig, struct lxc_storage *new,
 			   const char *oldname, const char *cname,
@@ -111,7 +111,8 @@ extern struct lxc_storage *storage_copy(struct lxc_container *c,
 					bool *needs_rdep);
 extern struct lxc_storage *storage_create(const char *dest, const char *type,
 					  const char *cname,
-					  struct bdev_specs *specs);
+					  struct bdev_specs *specs,
+					  const struct lxc_conf *conf);
 extern void storage_put(struct lxc_storage *bdev);
 extern bool storage_destroy(struct lxc_conf *conf);
 extern bool rootfs_is_blockdev(struct lxc_conf *conf);

--- a/src/lxc/storage/storage_utils.h
+++ b/src/lxc/storage/storage_utils.h
@@ -5,9 +5,19 @@

 #include <stdbool.h>
 #include <stdint.h>
+#include <string.h>
 #include <stdio.h>

 #include "conf.h"
+#include "macro.h"
+
+#define LXC_OVERLAY_PRIVATE_DIR "overlay"
+#define LXC_OVERLAY_DELTA_DIR "delta"
+#define LXC_OVERLAY_WORK_DIR "work"
+#define LXC_OVERLAY_DELTA_PATH LXC_OVERLAY_PRIVATE_DIR "/" LXC_OVERLAY_DELTA_DIR
+#define LXC_OVERLAY_WORK_PATH LXC_OVERLAY_PRIVATE_DIR "/" LXC_OVERLAY_WORK_DIR
+#define LXC_OVERLAY_PATH_LEN \
+	(STRLITERALLEN(LXC_OVERLAY_PRIVATE_DIR) + STRLITERALLEN("/") + 256 + 1)

 struct lxc_storage;
 struct lxc_conf;

--- a/src/lxc/storage/zfs.c
+++ b/src/lxc/storage/zfs.c
@@ -684,7 +684,7 @@ int zfs_destroy(struct lxc_storage *orig)
 }

 int zfs_create(struct lxc_storage *bdev, const char *dest, const char *n,
-	       struct bdev_specs *specs)
+	       struct bdev_specs *specs, const struct lxc_conf *conf)
 {
 	const char *zfsroot;
 	int ret;

--- a/src/lxc/storage/zfs.h
+++ b/src/lxc/storage/zfs.h
@@ -18,7 +18,7 @@ extern int zfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			  const char *oldpath, const char *lxcpath, int snap,
 			  uint64_t newsize, struct lxc_conf *conf);
 extern int zfs_create(struct lxc_storage *bdev, const char *dest, const char *n,
-		      struct bdev_specs *specs);
+		      struct bdev_specs *specs, const struct lxc_conf *conf);
 extern int zfs_destroy(struct lxc_storage *orig);
 extern bool zfs_detect(const char *path);
 extern int zfs_mount(struct lxc_storage *bdev);

--- a/src/lxc/tools/lxc_copy.c
+++ b/src/lxc/tools/lxc_copy.c
@@ -766,15 +766,17 @@ static char *mount_tmpfs(const char *oldname, const char *newname,
 	fd = -1;

 	ret = fprintf(fp, "#! /bin/sh\n"
-			  "mount -n -t tmpfs -o mode=0755 none %s/%s\n",
+			  "mount -n -t tmpfs -o mode=0755 none %s/%s/overlay\n",
 		      path, newname);
 	if (ret < 0)
 		goto err_close;

 	if (!arg->keepname) {
-		ret = fprintf(fp, "mkdir -p %s/%s/delta0/etc\n"
-				  "echo %s > %s/%s/delta0/etc/hostname\n",
-			      path, newname, newname, path, newname);
+		ret = fprintf(fp,
+			      "mkdir -p %s/%s/%s/etc\n"
+			      "echo %s > %s/%s/%s/etc/hostname\n",
+			      path, newname, LXC_OVERLAY_DELTA_PATH, newname,
+			      path, newname, LXC_OVERLAY_DELTA_PATH);
 		if (ret < 0)
 			goto err_close;
 	}