[lxc-devel] [PATCH 1/1] lxc-start-ephemeral: handle the overlayfs workdir option (v2)
Stéphane Graber
stgraber at ubuntu.com
Tue Jan 13 14:51:23 UTC 2015
On Tue, Jan 13, 2015 at 02:42:24PM +0000, Serge Hallyn wrote:
> Quoting KATOH Yasufumi (karma at jazz.email.ne.jp):
> > Hi,
> >
> > I tested on kernel 3.18.1 with your patch. It works fine, but there is
> > one problem.
> >
> > >>> On Tue, 13 Jan 2015 00:08:37 +0000
> > in message "[lxc-devel] [PATCH 1/1] lxc-start-ephemeral: handle the overlayfs workdir option (v2)"
> > Serge Hallyn-san wrote:
> >
> > > We fixed this some time ago for basic lxc-start, but never did
> > > lxc-start-ephemeral.
> >
> > > Since the lxc-start patches were pushed, Miklos has given us a
> > > way to detect whether we need the workdir= option. So the
> > > bdev.c code could be simplified to check for "overlay\n" in
> > > /proc/filesystems just as lxc-start-ephemeral does. This
> > > patch doesn't do that.
> >
> >
> >
> > > Changelog (v2):
> > > 1. use 'overlay' fstype for new overlay upstream module
> > > 2. avoid using unneeded readlines().
> >
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > > ---
> > > src/lxc/lxc-start-ephemeral.in | 25 ++++++++++++++++++++++++-
> > > 1 file changed, 24 insertions(+), 1 deletion(-)
> >
> > > diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
> > > index c999e74..36e2579 100644
> > > --- a/src/lxc/lxc-start-ephemeral.in
> > > +++ b/src/lxc/lxc-start-ephemeral.in
> > > @@ -219,6 +219,14 @@ for entry in args.cdir:
> > > dst_path = "%s/rootfs/%s" % (dest_path, src_path)
> > > overlay_dirs += [(src_path, dst_path)]
> >
> > > +# do we have the new overlay fs which requires workdir, or the older
> > > +# overlayfs which does not?
> > > +have_new_overlay = False
> > > +with open("/proc/filesystems", "r") as fd:
> > > + for line in fd:
> > > + if line == "nodev\toverlay\n":
> > > + have_new_overlay = True
> >
> > When the overlayfs is module, and the module is not loaded at this
> > moment, "have_new_overlay" is False and the mount will fail.
> >
> > We need to load the overlayfs module before the check.
>
> Yeah I thought of that when I started, then I guess ended up
> ignoring it. What would be the cleanest way to do this in
> python? Stéphane?

    if os.geteuid() == 0:
        with open(os.devnull, "w") as devnull:
            subprocess.call(["modprobe", "overlay"], stdout=devnull, stderr=devnull)
            subprocess.call(["modprobe", "overlayfs"], stdout=devnull, stderr=devnull)

That's about as clean as I can think of. That's also entirely ignoring
any failure since we may be euid 0 and have those built into the kernel
or not present at all or not have cap_sys_module or be in a uid mapped
namespace, all of which would cause a failure.
>
> > > +
> > > # Generate pre-mount script
> > > with open(os.path.join(dest_path, "pre-mount"), "w+") as fd:
> > > os.fchmod(fd.fileno(), 0o755)
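Review bot: the added loop's test `line == "nodev\toverlay\n"` leaves have_new_overlay False both when only the older overlayfs is registered and when no overlay filesystem is registered at all, so the second hunk falls back to `-t overlayfs` in either case and the failure only shows up at mount time. Consider comparing the last whitespace-separated field of each line instead of the whole line, adding a `break` after the match, and stopping with a clear error when neither "overlay" nor "overlayfs" is listed.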
> > > @@ -231,16 +239,31 @@ LXC_NAME="%s"
> > > count = 0
> > > for entry in overlay_dirs:
> > > target = "%s/delta%s" % (dest_path, count)
> > > + workdir = "%s/work%s" % (dest_path, count)
> > > fd.write("mkdir -p %s %s\n" % (target, entry[1]))
> > > + if have_new_overlay:
> > > + fd.write("mkdir -p %s\n" % workdir)
> >
> > > if args.storage_type == "tmpfs":
> > > fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target))
> > > + if have_new_overlay:
> > > + fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (workdir))
> >
> > > fd.write("getfacl -a %s | setfacl --set-file=- %s || true\n" % (entry[0], target))
> > > fd.write("getfacl -a %s | setfacl --set-file=- %s || true\n" % (entry[0], entry[1]))
> > > + if have_new_overlay:
> > > + fd.write("getfacl -a %s | setfacl --set-file=- %s || true\n" % (entry[0], workdir))
> >
> > > if args.union_type == "overlayfs":
> > > - fd.write("mount -n -t overlayfs"
> > > + if have_new_overlay:
> > > + fd.write("mount -n -t overlay"
> > > + " -oupperdir=%s,lowerdir=%s,workdir=%s none %s\n" % (
> > > + target,
> > > + entry[0],
> > > + workdir,
> > > + entry[1]))
> > > + else:
> > > + fd.write("mount -n -t overlayfs"
> > > " -oupperdir=%s,lowerdir=%s none %s\n" % (
> > > target,
> > > entry[0],
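Review bot: in the storage_type == "tmpfs" branch the hunk mounts one tmpfs on target and a second, separate tmpfs on workdir, but overlay requires upperdir and workdir to be on the same filesystem, so the following `mount -n -t overlay` with `workdir=%s` will be refused. Suggest mounting a single tmpfs on a parent directory and creating both the delta and work directories inside it. Separately, workdir, target, entry[0] and entry[1] are written into the generated pre-mount shell script with a bare %s; passing each through shlex.quote() would keep a path containing whitespace or shell metacharacters from changing the commands the script runs.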
> > > --
> > > 2.1.0
> >
> > > _______________________________________________
> > > lxc-devel mailing list
> > > lxc-devel at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
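
The load-then-detect order discussed in this thread, as an added example (not part of the patch or of LXC). Function names are hypothetical, and it assumes the older out-of-tree module registers as "overlayfs" in /proc/filesystems; it also shell-quotes what gets written into the pre-mount script.

```python
import os
import shlex
import subprocess

def load_overlay_modules():
    """Best-effort modprobe of both module names; failures are ignored."""
    if os.geteuid() != 0:
        return
    for module in ("overlay", "overlayfs"):
        try:
            subprocess.call(["modprobe", module],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        except OSError:
            pass  # modprobe binary not available

def detect_overlay_fstype(proc_filesystems_text):
    """Return "overlay", "overlayfs" or None from /proc/filesystems content."""
    registered = set()
    for line in proc_filesystems_text.splitlines():
        fields = line.split()
        if fields:
            registered.add(fields[-1])   # last field is the fstype name
    for fstype in ("overlay", "overlayfs"):  # prefer the upstream module
        if fstype in registered:
            return fstype
    return None

def overlay_mount_line(fstype, lower, upper, work, target):
    """Build the pre-mount script line, shell-quoting options and target."""
    if fstype is None:
        raise RuntimeError("no overlay filesystem registered with the kernel")
    opts = "upperdir=%s,lowerdir=%s" % (upper, lower)
    if fstype == "overlay":              # only the upstream module needs workdir=
        opts += ",workdir=%s" % work
    return "mount -n -t %s -o %s none %s\n" % (
        fstype, shlex.quote(opts), shlex.quote(target))

# Constructed sample of /proc/filesystems content (not from a real host)
SAMPLE = "nodev\tsysfs\nnodev\ttmpfs\n\text4\nnodev\toverlay\n"

if __name__ == "__main__":
    load_overlay_modules()               # load first, then look
    path = "/proc/filesystems"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    print(detect_overlay_fstype(text))
```
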