-rw-r--r--vendor.conf2
-rw-r--r--vendor/github.com/containers/storage/drivers/aufs/aufs.go7
-rw-r--r--vendor/github.com/containers/storage/drivers/btrfs/btrfs.go2
-rw-r--r--vendor/github.com/containers/storage/drivers/chown.go7
-rw-r--r--vendor/github.com/containers/storage/drivers/devmapper/driver.go2
-rw-r--r--vendor/github.com/containers/storage/drivers/driver.go7
-rw-r--r--vendor/github.com/containers/storage/drivers/fsdiff.go12
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go68
-rw-r--r--vendor/github.com/containers/storage/drivers/vfs/driver.go4
-rw-r--r--vendor/github.com/containers/storage/drivers/windows/windows.go9
-rw-r--r--vendor/github.com/containers/storage/drivers/zfs/zfs.go2
-rw-r--r--vendor/github.com/containers/storage/layers.go16
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/example_changes.go97
-rw-r--r--vendor/github.com/containers/storage/store.go85
14 files changed, 158 insertions, 162 deletions
diff --git a/vendor.conf b/vendor.conf
index be5e8c8a1..e477d8e2f 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -11,7 +11,7 @@ github.com/containerd/continuity master
github.com/containernetworking/cni v0.7.0-alpha1
github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1
github.com/containers/image 134f99bed228d6297dc01d152804f6f09f185418
-github.com/containers/storage afdedba2d2ad573350aee35033d4e0c58fdbd57b
+github.com/containers/storage 956a1971694f18fd602b1203c0a2d192e2cc88a1
github.com/containers/psgo 382fc951fe0a8aba62043862ce1a56f77524db87
github.com/coreos/go-systemd v14
github.com/cri-o/ocicni master
diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
index ff367a126..bee4a598e 100644
--- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go
+++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
@@ -416,7 +416,7 @@ func atomicRemove(source string) error {
// Get returns the rootfs path for the id.
// This will mount the dir at its given path
-func (a *Driver) Get(id, mountLabel string) (string, error) {
+func (a *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
a.locker.Lock(id)
defer a.locker.Unlock(id)
parents, err := a.getParentLayerPaths(id)
@@ -728,3 +728,8 @@ func useDirperm() bool {
func (a *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error {
return fmt.Errorf("aufs doesn't support changing ID mappings")
}
+
+// SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS
+func (a *Driver) SupportsShifting() bool {
+ return false
+}
diff --git a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
index 842079a1c..2dd81b0c0 100644
--- a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
+++ b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
@@ -634,7 +634,7 @@ func (d *Driver) Remove(id string) error {
}
// Get the requested filesystem id.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
dir := d.subvolumesDirID(id)
st, err := os.Stat(dir)
if err != nil {
diff --git a/vendor/github.com/containers/storage/drivers/chown.go b/vendor/github.com/containers/storage/drivers/chown.go
index bcba12de9..168bb7e34 100644
--- a/vendor/github.com/containers/storage/drivers/chown.go
+++ b/vendor/github.com/containers/storage/drivers/chown.go
@@ -114,7 +114,7 @@ func NewNaiveLayerIDMapUpdater(driver ProtoDriver) LayerIDMapUpdater {
// same "container" IDs.
func (n *naiveLayerIDMapUpdater) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error {
driver := n.ProtoDriver
- layerFs, err := driver.Get(id, mountLabel)
+ layerFs, err := driver.Get(id, mountLabel, nil, nil)
if err != nil {
return err
}
@@ -124,3 +124,8 @@ func (n *naiveLayerIDMapUpdater) UpdateLayerIDMap(id string, toContainer, toHost
return ChownPathByMaps(layerFs, toContainer, toHost)
}
+
+// SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS
+func (n *naiveLayerIDMapUpdater) SupportsShifting() bool {
+ return false
+}
diff --git a/vendor/github.com/containers/storage/drivers/devmapper/driver.go b/vendor/github.com/containers/storage/drivers/devmapper/driver.go
index a4ec6ebfd..4aaca6508 100644
--- a/vendor/github.com/containers/storage/drivers/devmapper/driver.go
+++ b/vendor/github.com/containers/storage/drivers/devmapper/driver.go
@@ -163,7 +163,7 @@ func (d *Driver) Remove(id string) error {
}
// Get mounts a device with given id into the root filesystem
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
d.locker.Lock(id)
defer d.locker.Unlock(id)
mp := path.Join(d.home, "mnt", id)
diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go
index 1b4ad336d..40b911ab7 100644
--- a/vendor/github.com/containers/storage/drivers/driver.go
+++ b/vendor/github.com/containers/storage/drivers/driver.go
@@ -66,8 +66,9 @@ type ProtoDriver interface {
Remove(id string) error
// Get returns the mountpoint for the layered filesystem referred
// to by this id. You can optionally specify a mountLabel or "".
+ // Optionally it gets the mappings used to create the layer.
// Returns the absolute path to the mounted layered filesystem.
- Get(id, mountLabel string) (dir string, err error)
+ Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (dir string, err error)
// Put releases the system resources for the specified id,
// e.g, unmounting layered filesystem.
Put(id string) error
@@ -118,6 +119,10 @@ type LayerIDMapUpdater interface {
// relative to a parent layer, but before this method is called, may be discarded
// by Diff().
UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error
+
+ // SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in a
+ // image and it is not required to Chown the files when running in an user namespace.
+ SupportsShifting() bool
}
// Driver is the interface for layered/snapshot file system drivers.
diff --git a/vendor/github.com/containers/storage/drivers/fsdiff.go b/vendor/github.com/containers/storage/drivers/fsdiff.go
index 9c11a069c..64541e269 100644
--- a/vendor/github.com/containers/storage/drivers/fsdiff.go
+++ b/vendor/github.com/containers/storage/drivers/fsdiff.go
@@ -51,7 +51,7 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare
parentMappings = &idtools.IDMappings{}
}
- layerFs, err := driver.Get(id, mountLabel)
+ layerFs, err := driver.Get(id, mountLabel, nil, nil)
if err != nil {
return nil, err
}
@@ -78,7 +78,7 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare
}), nil
}
- parentFs, err := driver.Get(parent, mountLabel)
+ parentFs, err := driver.Get(parent, mountLabel, nil, nil)
if err != nil {
return nil, err
}
@@ -119,7 +119,7 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p
parentMappings = &idtools.IDMappings{}
}
- layerFs, err := driver.Get(id, mountLabel)
+ layerFs, err := driver.Get(id, mountLabel, nil, nil)
if err != nil {
return nil, err
}
@@ -128,7 +128,7 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p
parentFs := ""
if parent != "" {
- parentFs, err = driver.Get(parent, mountLabel)
+ parentFs, err = driver.Get(parent, mountLabel, nil, nil)
if err != nil {
return nil, err
}
@@ -149,7 +149,7 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id string, applyMappings *idtools.IDMappin
}
// Mount the root filesystem so we can apply the diff/layer.
- layerFs, err := driver.Get(id, mountLabel)
+ layerFs, err := driver.Get(id, mountLabel, nil, nil)
if err != nil {
return
}
@@ -189,7 +189,7 @@ func (gdw *NaiveDiffDriver) DiffSize(id string, idMappings *idtools.IDMappings,
return
}
- layerFs, err := driver.Get(id, mountLabel)
+ layerFs, err := driver.Get(id, mountLabel, nil, nil)
if err != nil {
return
}
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index c59544aab..323d7c274 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -3,6 +3,7 @@
package overlay
import (
+ "bytes"
"fmt"
"io"
"io/ioutil"
@@ -590,6 +591,32 @@ func (d *Driver) getLowerDirs(id string) ([]string, error) {
return lowersArray, nil
}
+func (d *Driver) optsAppendMappings(opts string, uidMaps, gidMaps []idtools.IDMap) string {
+ if uidMaps == nil {
+ uidMaps = d.uidMaps
+ }
+ if gidMaps == nil {
+ gidMaps = d.gidMaps
+ }
+ if uidMaps != nil {
+ var uids, gids bytes.Buffer
+ for _, i := range uidMaps {
+ if uids.Len() > 0 {
+ uids.WriteString(":")
+ }
+ uids.WriteString(fmt.Sprintf("%d:%d:%d", i.ContainerID, i.HostID, i.Size))
+ }
+ for _, i := range gidMaps {
+ if gids.Len() > 0 {
+ gids.WriteString(":")
+ }
+ gids.WriteString(fmt.Sprintf("%d:%d:%d", i.ContainerID, i.HostID, i.Size))
+ }
+ return fmt.Sprintf("%s,uidmapping=%s,gidmapping=%s", opts, uids.String(), gids.String())
+ }
+ return opts
+}
+
// Remove cleans the directories that are created for this id.
func (d *Driver) Remove(id string) error {
d.locker.Lock(id)
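Review bot: In optsAppendMappings the single guard `if uidMaps != nil` decides for both lists, so a call where only gidMaps is set returns opts unchanged and the GID mapping is dropped without an error, while a call where only uidMaps is set emits an empty `gidmapping=` value. An empty non-nil slice also passes the nil test and produces `uidmapping=` with nothing after it. Deciding per list on `len(...) > 0` keeps the two options independent, as sketched below; whether the mount program accepts one option without the other is not visible here and should be confirmed upstream in containers/storage. The function also has no doc comment; one sentence saying that nil arguments fall back to the driver's own d.uidMaps/d.gidMaps would cover it. With this rewrite the `bytes` import added in the first hunk of this file is no longer used.

```go
func (d *Driver) optsAppendMappings(opts string, uidMaps, gidMaps []idtools.IDMap) string {
	// … unchanged: nil uidMaps/gidMaps fall back to d.uidMaps/d.gidMaps …
	format := func(maps []idtools.IDMap) string {
		parts := make([]string, 0, len(maps))
		for _, m := range maps {
			parts = append(parts, fmt.Sprintf("%d:%d:%d", m.ContainerID, m.HostID, m.Size))
		}
		return strings.Join(parts, ":")
	}
	if len(uidMaps) > 0 {
		opts = fmt.Sprintf("%s,uidmapping=%s", opts, format(uidMaps))
	}
	if len(gidMaps) > 0 {
		opts = fmt.Sprintf("%s,gidmapping=%s", opts, format(gidMaps))
	}
	return opts
}
```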
@@ -615,7 +642,11 @@ func (d *Driver) Remove(id string) error {
}
// Get creates and mounts the required file system for the given id and returns the mount path.
-func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) {
+ return d.get(id, mountLabel, false, uidMaps, gidMaps)
+}
+
+func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) {
d.locker.Lock(id)
defer d.locker.Unlock(id)
dir := d.dir(id)
@@ -719,24 +750,25 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
// the page size. The mount syscall fails if the mount data cannot
// fit within a page and relative links make the mount data much
// smaller at the expense of requiring a fork exec to chroot.
- if len(mountData) > pageSize || d.options.mountProgram != "" {
+ if d.options.mountProgram != "" {
+ mountFunc = func(source string, target string, mType string, flags uintptr, label string) error {
+ if !disableShifting {
+ label = d.optsAppendMappings(label, uidMaps, gidMaps)
+ }
+
+ mountProgram := exec.Command(d.options.mountProgram, "-o", label, target)
+ mountProgram.Dir = d.home
+ return mountProgram.Run()
+ }
+ } else if len(mountData) > pageSize {
//FIXME: We need to figure out to get this to work with additional stores
opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(relLowers, ":"), path.Join(id, "diff"), path.Join(id, "work"))
mountData = label.FormatMountLabel(opts, mountLabel)
if len(mountData) > pageSize {
return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
}
-
- if d.options.mountProgram != "" {
- mountFunc = func(source string, target string, mType string, flags uintptr, label string) error {
- mountProgram := exec.Command(d.options.mountProgram, "-o", label, target)
- mountProgram.Dir = d.home
- return mountProgram.Run()
- }
- } else {
- mountFunc = func(source string, target string, mType string, flags uintptr, label string) error {
- return mountFrom(d.home, source, target, mType, flags, label)
- }
+ mountFunc = func(source string, target string, mType string, flags uintptr, label string) error {
+ return mountFrom(d.home, source, target, mType, flags, label)
}
mountTarget = path.Join(id, "merged")
}
@@ -920,7 +952,7 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
}
// Mount the new layer and handle ownership changes and possible copy_ups in it.
- layerFs, err := d.Get(id, mountLabel)
+ layerFs, err := d.get(id, mountLabel, true, nil, nil)
if err != nil {
return err
}
@@ -957,6 +989,14 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
return nil
}
+// SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS
+func (d *Driver) SupportsShifting() bool {
+ if os.Getenv("_TEST_FORCE_SUPPORT_SHIFTING") == "yes-please" {
+ return true
+ }
+ return d.options.mountProgram != ""
+}
+
// dumbJoin is more or less a dumber version of filepath.Join, but one which
// won't Clean() the path, allowing us to append ".." as a component and trust
// pathname resolution to do some non-obvious work.
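Review bot: SupportsShifting lets the environment variable `_TEST_FORCE_SUPPORT_SHIFTING` override the real capability check in non-test code. If it is set while no mount program is configured, the store-side callers in this commit treat the driver as shifting-capable (layers.go skips its "shifting not enabled" check, store.go records layers with host mappings), yet get() appends the uid/gid mappings only inside the `d.options.mountProgram != ""` branch, so the layer would be mounted with no ID shifting applied. I would keep the production method as `return d.options.mountProgram != ""` and move the override behind a test-only hook. At minimum the doc comment should state that the variable exists and is meant for tests only.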
diff --git a/vendor/github.com/containers/storage/drivers/vfs/driver.go b/vendor/github.com/containers/storage/drivers/vfs/driver.go
index ed9f70094..115afb814 100644
--- a/vendor/github.com/containers/storage/drivers/vfs/driver.go
+++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go
@@ -137,7 +137,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts, ro bool
label.SetFileLabel(dir, mountLabel)
}
if parent != "" {
- parentDir, err := d.Get(parent, "")
+ parentDir, err := d.Get(parent, "", nil, nil)
if err != nil {
return fmt.Errorf("%s: %s", parent, err)
}
@@ -179,7 +179,7 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the directory for the given id.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
dir := d.dir(id)
if st, err := os.Stat(dir); err != nil {
return "", err
diff --git a/vendor/github.com/containers/storage/drivers/windows/windows.go b/vendor/github.com/containers/storage/drivers/windows/windows.go
index 15c90b54d..9d9aac701 100644
--- a/vendor/github.com/containers/storage/drivers/windows/windows.go
+++ b/vendor/github.com/containers/storage/drivers/windows/windows.go
@@ -362,7 +362,7 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the rootfs path for the id. This will mount the dir at its given path.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
panicIfUsedByLcow()
logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, mountLabel)
var dir string
@@ -620,7 +620,7 @@ func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent stri
return
}
- layerFs, err := d.Get(id, "")
+ layerFs, err := d.Get(id, "", nil, nil)
if err != nil {
return
}
@@ -954,6 +954,11 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
return fmt.Errorf("windows doesn't support changing ID mappings")
}
+// SupportsShifting tells whether the driver support shifting of the UIDs/GIDs in an userNS
+func (d *Driver) SupportsShifting() bool {
+ return false
+}
+
type storageOptions struct {
size uint64
}
diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
index 598cc0699..b8ae59a61 100644
--- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go
+++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
@@ -360,7 +360,7 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the mountpoint for the given id after creating the target directories if necessary.
-func (d *Driver) Get(id, mountLabel string) (string, error) {
+func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
mountpoint := d.mountPath(id)
if count := d.ctr.Increment(mountpoint); count > 1 {
return mountpoint, nil
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index 6760996d6..c5f926273 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -4,6 +4,7 @@ import (
"bytes"
"compress/gzip"
"encoding/json"
+ "fmt"
"io"
"io/ioutil"
"os"
@@ -208,7 +209,8 @@ type LayerStore interface {
// Mount mounts a layer for use. If the specified layer is the parent of other
// layers, it should not be written to. An SELinux label to be applied to the
// mount can be specified to override the one configured for the layer.
- Mount(id, mountLabel string) (string, error)
+ // The mappings used by the container can be specified.
+ Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error)
// Unmount unmounts a layer when it is no longer in use.
Unmount(id string, force bool) (bool, error)
@@ -635,7 +637,7 @@ func (r *layerStore) Mounted(id string) (int, error) {
return layer.MountCount, nil
}
-func (r *layerStore) Mount(id, mountLabel string) (string, error) {
+func (r *layerStore) Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
if !r.IsReadWrite() {
return "", errors.Wrapf(ErrStoreIsReadOnly, "not allowed to update mount locations for layers at %q", r.mountspath())
}
@@ -650,7 +652,13 @@ func (r *layerStore) Mount(id, mountLabel string) (string, error) {
if mountLabel == "" {
mountLabel = layer.MountLabel
}
- mountpoint, err := r.driver.Get(id, mountLabel)
+
+ if (uidMaps != nil || gidMaps != nil) && !r.driver.SupportsShifting() {
+ if !reflect.DeepEqual(uidMaps, layer.UIDMap) || !reflect.DeepEqual(gidMaps, layer.GIDMap) {
+ return "", fmt.Errorf("cannot mount layer %v: shifting not enabled", layer.ID)
+ }
+ }
+ mountpoint, err := r.driver.Get(id, mountLabel, uidMaps, gidMaps)
if mountpoint != "" && err == nil {
if layer.MountPoint != "" {
delete(r.bymount, layer.MountPoint)
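Review bot: The new check in Mount compares the requested maps with `reflect.DeepEqual`, which treats a nil slice and an empty non-nil slice as different, so a caller passing `[]idtools.IDMap{}` for a layer whose UIDMap is nil is rejected with "shifting not enabled" although nothing needs shifting. store.Mount now passes container.UIDMap and container.GIDMap straight through, and whether those can be empty but non-nil is not visible in this diff. Testing lengths in the outer condition avoids the false rejection for the all-empty case: `if (len(uidMaps) != 0 || len(gidMaps) != 0) && !r.driver.SupportsShifting() {`. The error text could also say that the requested mappings differ from the layer's, since that is what the check found. Mount's body continues outside the hunk, and the import hunk for this file adds only `fmt`, so `reflect` is presumably imported already.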
@@ -937,7 +945,7 @@ func (r *layerStore) newFileGetter(id string) (drivers.FileGetCloser, error) {
if getter, ok := r.driver.(drivers.DiffGetterDriver); ok {
return getter.DiffGetter(id)
}
- path, err := r.Mount(id, "")
+ path, err := r.Mount(id, "", nil, nil)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/storage/pkg/archive/example_changes.go b/vendor/github.com/containers/storage/pkg/archive/example_changes.go
deleted file mode 100644
index 70f9c5564..000000000
--- a/vendor/github.com/containers/storage/pkg/archive/example_changes.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// +build ignore
-
-// Simple tool to create an archive stream from an old and new directory
-//
-// By default it will stream the comparison of two temporary directories with junk files
-package main
-
-import (
- "flag"
- "fmt"
- "io"
- "io/ioutil"
- "os"
- "path"
-
- "github.com/containers/storage/pkg/archive"
- "github.com/sirupsen/logrus"
-)
-
-var (
- flDebug = flag.Bool("D", false, "debugging output")
- flNewDir = flag.String("newdir", "", "")
- flOldDir = flag.String("olddir", "", "")
- log = logrus.New()
-)
-
-func main() {
- flag.Usage = func() {
- fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)")
- fmt.Printf("%s [OPTIONS]\n", os.Args[0])
- flag.PrintDefaults()
- }
- flag.Parse()
- log.Out = os.Stderr
- if (len(os.Getenv("DEBUG")) > 0) || *flDebug {
- logrus.SetLevel(logrus.DebugLevel)
- }
- var newDir, oldDir string
-
- if len(*flNewDir) == 0 {
- var err error
- newDir, err = ioutil.TempDir("", "storage-test-newDir")
- if err != nil {
- log.Fatal(err)
- }
- defer os.RemoveAll(newDir)
- if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil {
- log.Fatal(err)
- }
- } else {
- newDir = *flNewDir
- }
-
- if len(*flOldDir) == 0 {
- oldDir, err := ioutil.TempDir("", "storage-test-oldDir")
- if err != nil {
- log.Fatal(err)
- }
- defer os.RemoveAll(oldDir)
- } else {
- oldDir = *flOldDir
- }
-
- changes, err := archive.ChangesDirs(newDir, oldDir)
- if err != nil {
- log.Fatal(err)
- }
-
- a, err := archive.ExportChanges(newDir, changes)
- if err != nil {
- log.Fatal(err)
- }
- defer a.Close()
-
- i, err := io.Copy(os.Stdout, a)
- if err != nil && err != io.EOF {
- log.Fatal(err)
- }
- fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i)
-}
-
-func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) {
- fileData := []byte("fooo")
- for n := 0; n < numberOfFiles; n++ {
- fileName := fmt.Sprintf("file-%d", n)
- if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
- return 0, err
- }
- if makeLinks {
- if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil {
- return 0, err
- }
- }
- }
- totalSize := numberOfFiles * len(fileData)
- return totalSize, nil
-}
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index c7e2d48ea..33b91a353 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -896,13 +896,18 @@ func (s *store) PutLayer(id, parent string, names []string, mountLabel string, w
gidMap = s.gidMap
}
}
- layerOptions := &LayerOptions{
- IDMappingOptions: IDMappingOptions{
- HostUIDMapping: options.HostUIDMapping,
- HostGIDMapping: options.HostGIDMapping,
- UIDMap: copyIDMap(uidMap),
- GIDMap: copyIDMap(gidMap),
- },
+ var layerOptions *LayerOptions
+ if s.graphDriver.SupportsShifting() {
+ layerOptions = &LayerOptions{IDMappingOptions: IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil}}
+ } else {
+ layerOptions = &LayerOptions{
+ IDMappingOptions: IDMappingOptions{
+ HostUIDMapping: options.HostUIDMapping,
+ HostGIDMapping: options.HostGIDMapping,
+ UIDMap: copyIDMap(uidMap),
+ GIDMap: copyIDMap(gidMap),
+ },
+ }
}
return rlstore.Put(id, parentLayer, names, mountLabel, nil, layerOptions, writeable, nil, diff)
}
@@ -964,6 +969,10 @@ func (s *store) CreateImage(id string, names []string, layer, metadata string, o
func (s *store) imageTopLayerForMapping(image *Image, ristore ROImageStore, readWrite bool, rlstore LayerStore, lstores []ROLayerStore, options IDMappingOptions) (*Layer, error) {
layerMatchesMappingOptions := func(layer *Layer, options IDMappingOptions) bool {
+ // If the driver supports shifting and the layer has no mappings, we can use it.
+ if s.graphDriver.SupportsShifting() && len(layer.UIDMap) == 0 && len(layer.GIDMap) == 0 {
+ return true
+ }
// If we want host mapping, and the layer uses mappings, it's not the best match.
if options.HostUIDMapping && len(layer.UIDMap) != 0 {
return false
@@ -1036,16 +1045,22 @@ func (s *store) imageTopLayerForMapping(image *Image, ristore ROImageStore, read
}
rc, err := layerHomeStore.Diff("", layer.ID, &diffOptions)
if err != nil {
- return nil, errors.Wrapf(err, "error reading layer %q to create an ID-mapped version of it")
+ return nil, errors.Wrapf(err, "error reading layer %q to create an ID-mapped version of it", layer.ID)
}
defer rc.Close()
- layerOptions := LayerOptions{
- IDMappingOptions: IDMappingOptions{
- HostUIDMapping: options.HostUIDMapping,
- HostGIDMapping: options.HostGIDMapping,
- UIDMap: copyIDMap(options.UIDMap),
- GIDMap: copyIDMap(options.GIDMap),
- },
+
+ var layerOptions LayerOptions
+ if s.graphDriver.SupportsShifting() {
+ layerOptions = LayerOptions{IDMappingOptions: IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil}}
+ } else {
+ layerOptions = LayerOptions{
+ IDMappingOptions: IDMappingOptions{
+ HostUIDMapping: options.HostUIDMapping,
+ HostGIDMapping: options.HostGIDMapping,
+ UIDMap: copyIDMap(options.UIDMap),
+ GIDMap: copyIDMap(options.GIDMap),
+ },
+ }
}
mappedLayer, _, err := rlstore.Put("", parentLayer, nil, layer.MountLabel, nil, &layerOptions, false, nil, rc)
if err != nil {
@@ -1089,6 +1104,8 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
imageID := ""
uidMap := options.UIDMap
gidMap := options.GIDMap
+
+ idMappingsOptions := options.IDMappingOptions
if image != "" {
var imageHomeStore ROImageStore
istore, err := s.ImageStore()
@@ -1121,7 +1138,7 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
if err != nil {
return nil, err
}
- ilayer, err := s.imageTopLayerForMapping(cimage, imageHomeStore, imageHomeStore == istore, rlstore, lstores, options.IDMappingOptions)
+ ilayer, err := s.imageTopLayerForMapping(cimage, imageHomeStore, imageHomeStore == istore, rlstore, lstores, idMappingsOptions)
if err != nil {
return nil, err
}
@@ -1140,13 +1157,18 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
gidMap = s.gidMap
}
}
- layerOptions := &LayerOptions{
- IDMappingOptions: IDMappingOptions{
- HostUIDMapping: options.HostUIDMapping,
- HostGIDMapping: options.HostGIDMapping,
- UIDMap: copyIDMap(uidMap),
- GIDMap: copyIDMap(gidMap),
- },
+ var layerOptions *LayerOptions
+ if s.graphDriver.SupportsShifting() {
+ layerOptions = &LayerOptions{IDMappingOptions: IDMappingOptions{HostUIDMapping: true, HostGIDMapping: true, UIDMap: nil, GIDMap: nil}}
+ } else {
+ layerOptions = &LayerOptions{
+ IDMappingOptions: IDMappingOptions{
+ HostUIDMapping: idMappingsOptions.HostUIDMapping,
+ HostGIDMapping: idMappingsOptions.HostGIDMapping,
+ UIDMap: copyIDMap(uidMap),
+ GIDMap: copyIDMap(gidMap),
+ },
+ }
}
clayer, err := rlstore.Create(layer, imageTopLayer, nil, "", nil, layerOptions, true)
if err != nil {
@@ -1164,10 +1186,10 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
}
options = &ContainerOptions{
IDMappingOptions: IDMappingOptions{
- HostUIDMapping: len(clayer.UIDMap) == 0,
- HostGIDMapping: len(clayer.GIDMap) == 0,
- UIDMap: copyIDMap(clayer.UIDMap),
- GIDMap: copyIDMap(clayer.GIDMap),
+ HostUIDMapping: len(options.UIDMap) == 0,
+ HostGIDMapping: len(options.GIDMap) == 0,
+ UIDMap: copyIDMap(options.UIDMap),
+ GIDMap: copyIDMap(options.GIDMap),
},
}
container, err := rcstore.Create(id, names, imageID, layer, metadata, options)
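Review bot: The container record is now built from `options.UIDMap`/`options.GIDMap`, but earlier hunks of CreateContainer show the locals `uidMap`/`gidMap` starting from those fields and then being reassigned (`gidMap = s.gidMap`) under a condition that lies outside the visible lines. If that fallback fires, the non-shifting branch creates the layer with `copyIDMap(uidMap)`, i.e. the store defaults, while the container is saved with `HostUIDMapping: true` and an empty map, and store.Mount later hands exactly those recorded maps to the driver. If the intent is to record the effective mapping, use the locals here, e.g. `UIDMap: copyIDMap(uidMap),` and `HostUIDMapping: len(uidMap) == 0,`; if recording the raw request is intended, a comment saying so would stop a later reader from "fixing" it. The function starts and ends outside this hunk.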
@@ -2230,8 +2252,11 @@ func (s *store) Version() ([][2]string, error) {
}
func (s *store) Mount(id, mountLabel string) (string, error) {
- if layerID, err := s.ContainerLayerID(id); err == nil {
- id = layerID
+ container, err := s.Container(id)
+ var uidMap, gidMap []idtools.IDMap
+ if err == nil {
+ uidMap, gidMap = container.UIDMap, container.GIDMap
+ id = container.LayerID
}
rlstore, err := s.LayerStore()
if err != nil {
@@ -2243,7 +2268,7 @@ func (s *store) Mount(id, mountLabel string) (string, error) {
rlstore.Load()
}
if rlstore.Exists(id) {
- return rlstore.Mount(id, mountLabel)
+ return rlstore.Mount(id, mountLabel, uidMap, gidMap)
}
return "", ErrLayerUnknown
}