summaryrefslogtreecommitdiff
path: root/vendor/github.com/Microsoft/go-winio/pkg
diff options
context:
space:
mode:
authorNick Guenther <nick.guenther@polymtl.ca>2022-02-28 12:54:09 -0500
committerNick Guenther <nick.guenther@polymtl.ca>2022-03-01 12:09:42 -0500
commit572e6464f607189744afb76ee729ab31018266ad (patch)
tree4a8a8e2fafacc025494d5eb8545d5b729488be3d /vendor/github.com/Microsoft/go-winio/pkg
parent8bdda91ab738d634528259581c8adebe1db007b4 (diff)
downloadpodman-572e6464f607189744afb76ee729ab31018266ad.tar.gz
podman-572e6464f607189744afb76ee729ab31018266ad.tar.bz2
podman-572e6464f607189744afb76ee729ab31018266ad.zip
Use storage that better supports rootless overlayfs
overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned (as of linux 5.16.0, I believe) how to support rootless users. Previously, rootless users had to use these storage.conf(5) settings: * storage.driver=vfs (aka STORAGE_DRIVER=vfs), or * storage.driver=overlay (aka STORAGE_DRIVER=overlay), storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs (aka STORAGE_OPTS=/usr/bin/fuse-overlayfs) Now that a third backend is available, setting only: * storage.driver=overlay (aka STORAGE_DRIVER=overlay) https://github.com/containers/podman/issues/13123 reported EXDEV errors during the normal operation of their container. Tracing it out, the problem turned out to be that their container was being mounted without 'userxattr'; I don't fully understand why, but mount(8) mentions this is needed for rootless users: > userxattr > > Use the "user.overlay." xattr namespace instead of "trusted.overlay.". > This is useful for unprivileged mounting of overlayfs. https://github.com/containers/storage/pull/1156 found and fixed the issue in podman, and this just pulls in that via go get github.com/containers/storage@ebc90ab go mod vendor make vendor Closes https://github.com/containers/podman/issues/13123 Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
Diffstat (limited to 'vendor/github.com/Microsoft/go-winio/pkg')
-rw-r--r--vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go9
-rw-r--r--vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go15
-rw-r--r--vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go10
-rw-r--r--vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go15
4 files changed, 32 insertions, 17 deletions
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
index f497c0e39..2d9161e2d 100644
--- a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
@@ -14,8 +14,6 @@ import (
"encoding/binary"
"fmt"
"strconv"
-
- "golang.org/x/sys/windows"
)
// Variant specifies which GUID variant (or "type") of the GUID. It determines
@@ -41,13 +39,6 @@ type Version uint8
var _ = (encoding.TextMarshaler)(GUID{})
var _ = (encoding.TextUnmarshaler)(&GUID{})
-// GUID represents a GUID/UUID. It has the same structure as
-// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
-// that type. It is defined as its own type so that stringification and
-// marshaling can be supported. The representation matches that used by native
-// Windows code.
-type GUID windows.GUID
-
// NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
func NewV4() (GUID, error) {
var b [16]byte
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
new file mode 100644
index 000000000..f64d828c0
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
@@ -0,0 +1,15 @@
+// +build !windows
+
+package guid
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type as that is only available to builds
+// targeted at `windows`. The representation matches that used by native Windows
+// code.
+type GUID struct {
+ Data1 uint32
+ Data2 uint16
+ Data3 uint16
+ Data4 [8]byte
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
new file mode 100644
index 000000000..83617f4ee
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
@@ -0,0 +1,10 @@
+package guid
+
+import "golang.org/x/sys/windows"
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go b/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
index fca241590..602920786 100644
--- a/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
@@ -3,11 +3,10 @@
package security
import (
+ "fmt"
"os"
"syscall"
"unsafe"
-
- "github.com/pkg/errors"
)
type (
@@ -72,7 +71,7 @@ func GrantVmGroupAccess(name string) error {
// Stat (to determine if `name` is a directory).
s, err := os.Stat(name)
if err != nil {
- return errors.Wrapf(err, "%s os.Stat %s", gvmga, name)
+ return fmt.Errorf("%s os.Stat %s: %w", gvmga, name, err)
}
// Get a handle to the file/directory. Must defer Close on success.
@@ -88,7 +87,7 @@ func GrantVmGroupAccess(name string) error {
sd := uintptr(0)
origDACL := uintptr(0)
if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil {
- return errors.Wrapf(err, "%s GetSecurityInfo %s", gvmga, name)
+ return fmt.Errorf("%s GetSecurityInfo %s: %w", gvmga, name, err)
}
defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd)))
@@ -102,7 +101,7 @@ func GrantVmGroupAccess(name string) error {
// And finally use SetSecurityInfo to apply the updated DACL.
if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil {
- return errors.Wrapf(err, "%s SetSecurityInfo %s", gvmga, name)
+ return fmt.Errorf("%s SetSecurityInfo %s: %w", gvmga, name, err)
}
return nil
@@ -120,7 +119,7 @@ func createFile(name string, isDir bool) (syscall.Handle, error) {
}
fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0)
if err != nil {
- return 0, errors.Wrapf(err, "%s syscall.CreateFile %s", gvmga, name)
+ return 0, fmt.Errorf("%s syscall.CreateFile %s: %w", gvmga, name, err)
}
return fd, nil
}
@@ -131,7 +130,7 @@ func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintp
// Generate pointers to the SIDs based on the string SIDs
sid, err := syscall.StringToSid(sidVmGroup)
if err != nil {
- return 0, errors.Wrapf(err, "%s syscall.StringToSid %s %s", gvmga, name, sidVmGroup)
+ return 0, fmt.Errorf("%s syscall.StringToSid %s %s: %w", gvmga, name, sidVmGroup, err)
}
inheritance := inheritModeNoInheritance
@@ -154,7 +153,7 @@ func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintp
modifiedDACL := uintptr(0)
if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil {
- return 0, errors.Wrapf(err, "%s SetEntriesInAcl %s", gvmga, name)
+ return 0, fmt.Errorf("%s SetEntriesInAcl %s: %w", gvmga, name, err)
}
return modifiedDACL, nil