[lxc-devel] [lxd/master] Storage adds LXD_SHIFTFS_DISABLE env var to disable shiftfs at runtime
tomponline on Github
lxc-bot at linuxcontainers.org
Thu Dec 5 14:11:21 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 456 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191205/acf99744/attachment.bin>
-------------- next part --------------
From cf4a59f1097729524c200732bd066e211b0885b6 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 5 Dec 2019 11:35:52 +0000
Subject: [PATCH 1/3] lxd/backup: Comment consistency
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/backup.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/lxd/backup.go b/lxd/backup.go
index 15189bffd7..a01a9eb23f 100644
--- a/lxd/backup.go
+++ b/lxd/backup.go
@@ -63,6 +63,7 @@ func backupCreate(s *state.State, args db.InstanceBackupArgs, sourceInst instanc
}
defer os.RemoveAll(tmpPath)
+ // Check if we can load new storage layer for pool driver type.
pool, err := storagePools.GetPoolByInstance(s, sourceInst)
if err != storageDrivers.ErrUnknownDriver && err != storageDrivers.ErrNotImplemented {
if err != nil {
From 3e7ea65dbd92539bc05cf95fed3dab330d18131e Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 5 Dec 2019 11:36:49 +0000
Subject: [PATCH 2/3] lxd/daemon: Adds LXD_SHIFTFS_DISABLE env var to disable
shiftfs
Useful when testing traditional UID shifting.
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/daemon.go | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/lxd/daemon.go b/lxd/daemon.go
index c5416d7dfc..5c1b92cf61 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -620,11 +620,16 @@ func (d *Daemon) init() error {
logger.Infof(" - unprivileged file capabilities: no")
}
- if util.HasFilesystem("shiftfs") || util.LoadModule("shiftfs") == nil {
- d.os.Shiftfs = true
- logger.Infof(" - shiftfs support: yes")
+ // Detect shiftfs support.
+ if shared.IsTrue(os.Getenv("LXD_SHIFTFS_DISABLE")) {
+ logger.Infof(" - shiftfs support: disabled")
} else {
- logger.Infof(" - shiftfs support: no")
+ if util.HasFilesystem("shiftfs") || util.LoadModule("shiftfs") == nil {
+ d.os.Shiftfs = true
+ logger.Infof(" - shiftfs support: yes")
+ } else {
+ logger.Infof(" - shiftfs support: no")
+ }
}
// Detect LXC features
From 735e1bf4f5df8cd75557c7afdf365fc4500385bb Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 5 Dec 2019 11:38:48 +0000
Subject: [PATCH 3/3] doc/environment: Documents LXD_SHIFTFS_DISABLE env var
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
doc/environment.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/environment.md b/doc/environment.md
index 2925711467..88246c1890 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -28,3 +28,4 @@ Name | Description
`LXD_SECURITY_APPARMOR` | If set to `false`, forces AppArmor off
`LXD_UNPRIVILEGED_ONLY` | If set to `true`, enforces that only unprivileged containers can be created. Note that any privileged containers that have been created before setting LXD_UNPRIVILEGED_ONLY will continue to be privileged. To use this option effectively it should be set when the LXD daemon is first setup.
`LXD_OVMF_PATH` | Path to an OVMF build including `OVMF_CODE.fd` and `OVMF_VARS.ms.fd`
+`LXD_SHIFTFS_DISABLE` | Disable shiftfs support (useful when testing traditional UID shifting)
More information about the lxc-devel
mailing list