overlay: ignore chown errors in additionalimagestore #1828
Conversation
ad64c96 to
0050c51
Compare
There was a problem hiding this comment.
This would ignore all kinds of errors; is there a way to restrict this to chown errors only?
if !inAdditionalStore { MkdirAllAs } else { MkdirAll } seems to be an option. I don’t immediately know about the Rmdir one.
Or, really, if the store is supposed to be read-only, then why change it at all? Test that the directories exist, and fail if they don’t.
But if the merged directory is supposed to be created on a Get and always deleted on a Put, I can’t see how that can possibly work as truly read-only additional image store: a “legitimate” image store won’t have the merged directory, and we won’t be able to create it. Am I missing something?
the correct test would be to check whether the directory has the If you prefer, I can rewrite it as: are you ok with it? |
|
(Warning: I don’t understand the full feature, I’m going just by the bug report and the PR.) Yes, the talk about “read-only additional image store” would lead to basically what you propose. I don’t feel too strongly about the “test that the directories exist” part. But then I saw the |
I am not even sure why we need to rm the mount directory, we could just drop that code IMO, so we don't have to worry whether the store is read-only or writeable |
|
Git blame points at #390 . And I’m still interested in understanding how this works in the first place, in #1828 (review) . (Admittedly I didn’t try that in practice.) |
the question is: should we fail when the directory in the additional image store (which is supposed to be R/O) doesn't exist but the user has enough privileges to create it? Or should we try to create it anyway? if err := idtools.MkdirAs(mergedDir, 0o700, rootUID, rootGID); err != nil && !os.IsExist(err) {
if !inAdditionalStore {
return "", err
}
// if it is in an additional store, do not fail if the directory already exists
if _, err2 := os.Stat(mergedDir); err2 != nil {
return "", err
}
} |
|
Oh I don’t have a strong opinion on that design question. I’m stuck at an earlier phase: If the user doesn’t have enough privileges, I understand |
if you just perform a "pull" then the directory exists, at least until you try to mount/unmount it. Maybe we can replace the |
OK I’ll need to look into the situation in more detail, then.
Does that retain the originally-wanted benefit of handling leaked mounts? |
I think it does, although after started looking into it, I am not sure we need to overcomplicate the code for such a corner case where an image is mounted/unmounted on an additional image store |
|
*shrug* the original thing smells like a workaround, and it seems no-one cared enough to document in detail what it is working around (or maybe it is not known at all). The trouble is that when creating the image, we don’t know that the store is going to later be used as an additional one. One entirely different possibility might be to create the mounts somewhere else, not in the read-only additional store. That’s rather more disruptive. But really I need to understand what happens on pull, first. Hopefully tomorrow. For now, I’m just confused. |
0050c51 to
56970a7
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
I've replaced the Differently the |
drivers/overlay/overlay.go
Outdated
| // its atomic semantic. In this way the "merged" directory is never removed. | ||
| if err := unix.Rename(tmpMountpoint, mountpoint); err != nil { | ||
| logrus.Debugf("Failed to replace mountpoint %s overlay: %s - %v", id, mountpoint, err) | ||
| return fmt.Errorf("replacingmount point %q: %w", mountpoint, err) |
There was a problem hiding this comment.
nit: "replacing mount point %q: %w"
drivers/overlay/overlay.go
Outdated
|
|
||
| tmpMountpoint := path.Join(dir, "merged.1") | ||
| if err := idtools.MkdirAs(tmpMountpoint, 0o700, uid, gid); err != nil && !os.IsExist(err) { |
There was a problem hiding this comment.
sed 's/os.IsExists(err)/errors.Is(err, os.ErrExist)/g'
56970a7 to
d7ca4a0
Compare
|
comments addressed ⬆️ |
|
LGTM |
instead of removing the "merged" directory, replace it with a fresh empty directory so that we can assume "merged" is always present and there is no need to recreate it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
after the commit "overlay: replace rmdir with rename", it is safe to assume it is never deleted. Closes: containers#1827 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
c5ba0c6 to
652b613
Compare
ignore errors creating and chowning the diffDiff if it is in an additional image store. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
652b613 to
9846c10
Compare
|
there are two reviews, can we get this merged? |
|
/lgtm |
|
/cherry-pick release-1.42 |
|
@nalind: #1828 failed to apply on top of branch "release-1.42": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-1.45 |
|
@nalind: #1828 failed to apply on top of branch "release-1.45": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Addresses: https://issues.redhat.com/browse/RHEL-32589 |
the store might be owned by another user.
Closes: #1827