Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer user.containers.override_stat over user.fuseoverlayfs. #422

Merged
merged 9 commits into from
Jun 17, 2024
Merged

Prefer user.containers.override_stat over user.fuseoverlayfs. #422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
19ba462
tests: Update run-on-arch-action to v2.7.2
akihikodaki Jun 17, 2024
b644635
tests: Update to Ubuntu 22.04
akihikodaki Jun 17, 2024
a13a9e7
utils: Always suppress ENODATA
akihikodaki May 29, 2024
136aefd
main: Fix file owner retrieval for chmod
akihikodaki May 29, 2024
9610adf
main: Do not set -1 for owner overriding xattrs
akihikodaki May 29, 2024
e16818c
Fix printed extended attribute name
akihikodaki Jun 10, 2024
90bea22
Prefer user.containers.override_stat over user.fuseoverlayfs.
akihikodaki Jun 10, 2024
9810b85
main: Override inaccessible xattrs
akihikodaki Jun 13, 2024
20161f9
main: Isolate security xattrs for STAT_OVERRIDE_CONTAINERS
akihikodaki Jun 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,23 +4,23 @@ on: [push, pull_request]

jobs:
build_job:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
name: Build on ${{ matrix.arch }}

strategy:
matrix:
include:
- arch: armv7
distro: ubuntu20.04
distro: ubuntu22.04
- arch: aarch64
distro: ubuntu20.04
distro: ubuntu22.04
- arch: s390x
distro: ubuntu20.04
distro: ubuntu22.04
- arch: ppc64le
distro: ubuntu20.04
distro: ubuntu22.04
steps:
- uses: actions/[email protected]
- uses: uraimo/run-on-arch-action@v2.0.5
- uses: uraimo/run-on-arch-action@v2.7.2
name: Build
id: build
with:
Expand All @@ -34,7 +34,7 @@ jobs:

install: |
apt-get update -q -y
apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3.8 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel libfuse3-dev bats
apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel libfuse3-dev bats

run: |
./autogen.sh
Expand All @@ -49,7 +49,7 @@ jobs:
fuse-overlayfs

Test:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
Expand All @@ -66,7 +66,7 @@ jobs:
- name: install dependencies
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3.8 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel wget libfuse3-dev bats
sudo apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel wget libfuse3-dev bats

sudo mkdir -p /lower /upper /mnt $GOPATH/src/github.com/containers
sudo sh -c "cd $GOPATH/src/github.com/containers; git clone --depth=1 https://github.com/containers/storage"
Expand All @@ -90,7 +90,7 @@ jobs:
- name: Archive build artifacts
uses: actions/upload-artifact@v3
with:
name: fuse-overlayfs-x86_64-ubuntu20.04
name: fuse-overlayfs-x86_64-ubuntu22.04
path: |
fuse-overlayfs
if: ${{ matrix.test == 'ovl-whiteouts' }}
Expand Down
6 changes: 3 additions & 3 deletions contrib/fix-mode.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,12 @@
import errno

XATTR_OVERRIDE_STAT_PRIVILEGED = "security.fuseoverlayfs.override_stat"
XATTR_OVERRIDE_STAT = "user.fuseoverlayfs.override_stat"
XATTR_OVERRIDE_CONTAINERS_STAT = "user.fuseoverlayfs.override_stat"

if os.geteuid() == 0:
xattr_name = XATTR_OVERRIDE_STAT_PRIVILEGED
else:
xattr_name = XATTR_OVERRIDE_STAT
xattr_name = XATTR_OVERRIDE_CONTAINERS_STAT

cwd_fd = os.open(".", os.O_PATH)

Expand All @@ -23,7 +23,7 @@ def fix_path(path):
os.setxattr(path, xattr_name, str.encode(content), flags=os.XATTR_CREATE, follow_symlinks=False)
except Exception as e:
if e.errno == errno.EEXIST:
print("attr %s already present for %s: %s" % (XATTR_OVERRIDE_STAT, path, e.errno))
print("attr %s already present for %s: %s" % (xattr_name, path, e.errno))
return
raise e

Expand Down
4 changes: 2 additions & 2 deletions direct.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,10 +186,10 @@ direct_load_data_source (struct ovl_layer *l, const char *opaque, const char *pa

if (fgetxattr (l->fd, XATTR_PRIVILEGED_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
l->stat_override_mode = STAT_OVERRIDE_PRIVILEGED;
else if (fgetxattr (l->fd, XATTR_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
l->stat_override_mode = STAT_OVERRIDE_USER;
else if (fgetxattr (l->fd, XATTR_OVERRIDE_CONTAINERS_STAT, tmp, sizeof (tmp)) >= 0)
l->stat_override_mode = STAT_OVERRIDE_CONTAINERS;
else if (fgetxattr (l->fd, XATTR_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
l->stat_override_mode = STAT_OVERRIDE_USER;

return 0;
}
Expand Down
Loading
Loading