[lxc-devel] [lxd/master] Make dir snapshots read-only

Mon Nov 4 16:03:17 UTC 2019

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191104/b5af14e0/attachment.bin>
-------------- next part --------------
From 0246c7602974b73e823808b32e136305b8262bd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 4 Nov 2019 11:01:39 -0500
Subject: [PATCH 1/2] lxd/storage/drivers: Add mountReadOnly helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/storage/drivers/utils.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lxd/storage/drivers/utils.go b/lxd/storage/drivers/utils.go
index c0bbdafe82..2bd353691a 100644
--- a/lxd/storage/drivers/utils.go
+++ b/lxd/storage/drivers/utils.go
@@ -59,6 +59,28 @@ func forceUnmount(path string) (bool, error) {
 	}
 }
 
+func mountReadOnly(srcPath string, dstPath string) (bool, error) {
+	// Check if already mounted.
+	if shared.IsMountPoint(dstPath) {
+		return false, nil
+	}
+
+	// Create a mount entry.
+	err := tryMount(srcPath, dstPath, "none", unix.MS_BIND, "")
+	if err != nil {
+		return false, err
+	}
+
+	// Make it read-only.
+	err = tryMount("", dstPath, "none", unix.MS_BIND|unix.MS_RDONLY|unix.MS_REMOUNT, "")
+	if err != nil {
+		forceUnmount(dstPath)
+		return false, err
+	}
+
+	return true, nil
+}
+
 func sameMount(srcPath string, dstPath string) bool {
 	// Get the source vfs path information
 	var srcFsStat unix.Statfs_t

From 23736eb7100493c3e27360ed2b9256e2d8242a26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 4 Nov 2019 11:01:56 -0500
Subject: [PATCH 2/2] lxd/storage/dir: Make snapshot mounts read-only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/storage/drivers/driver_dir.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lxd/storage/drivers/driver_dir.go b/lxd/storage/drivers/driver_dir.go
index 61ed55a992..09f317a765 100644
--- a/lxd/storage/drivers/driver_dir.go
+++ b/lxd/storage/drivers/driver_dir.go
@@ -663,10 +663,10 @@ func (d *dir) MountVolume(volType VolumeType, volName string, op *operations.Ope
 	return false, nil
 }
 
-// MountVolumeSnapshot simulates mounting a volume snapshot. As dir driver doesn't have volumes to
-// mount it returns false indicating that there is no need to issue an unmount.
+// MountVolumeSnapshot sets up a read-only mount on top of the snapshot to avoid accidental modifications.
 func (d *dir) MountVolumeSnapshot(volType VolumeType, volName, snapshotName string, op *operations.Operation) (bool, error) {
-	return false, nil
+	snapPath := GetVolumeMountPath(d.name, volType, GetSnapshotVolumeName(volName, snapshotName))
+	return mountReadOnly(snapPath, snapPath)
 }
 
 // UnmountVolume simulates unmounting a volume. As dir driver doesn't have volumes to unmount it
@@ -675,10 +675,10 @@ func (d *dir) UnmountVolume(volType VolumeType, volName string, op *operations.O
 	return false, nil
 }
 
-// UnmountVolume simulates unmounting a volume snapshot. As dir driver doesn't have volumes to
-// unmount it returns false indicating the volume was already unmounted.
+// UnmountVolumeSnapshot removes the read-only mount placed on top of a snapshot.
 func (d *dir) UnmountVolumeSnapshot(volType VolumeType, volName, snapshotName string, op *operations.Operation) (bool, error) {
-	return false, nil
+	snapPath := GetVolumeMountPath(d.name, volType, GetSnapshotVolumeName(volName, snapshotName))
+	return forceUnmount(snapPath)
 }
 
 // quotaProjectID generates a project quota ID from a volume ID.
