-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ws-daemon] Add support for idmapped mounts #14026
base: main
Are you sure you want to change the base?
Conversation
1b8bd14
to
7f0119c
Compare
bd11b96
to
c2e7e6c
Compare
c2e7e6c
to
c1ffe65
Compare
Turns out one cannot use idmapped mounts on top of overlayfs. It works as lower, but the $ mount -t overlay overlay -o lowerdir=a/lo,upperdir=a/up,workdir=a/work a/mnt
$ strace ./mount-idmapped --map-mount b:0:10000:10000 $PWD/a/mnt $PWD/mapped
mount_setattr(3, "", AT_EMPTY_PATH|AT_RECURSIVE, {attr_set=MOUNT_ATTR_IDMAP, attr_clr=0, propagation=0 /* MS_??? */, userns_fd=4}, 32) = -1 EINVAL (Invalid argument) |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
return xerrors.Errorf("open(userns): %w", err) | ||
} | ||
defer usernsFD.Close() | ||
err = unix.MountSetattr(mappedFD, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &unix.MountAttr{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@csweichel
How about this one? Maybe it could work without EINVAL because the id-mapped mount doesn't need to mount the overlays layers. Or did it have to be recursive?
err = unix.MountSetattr(mappedFD, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &unix.MountAttr{ | |
err = unix.MountSetattr(mappedFD, "", unix.AT_EMPTY_PATH, &unix.MountAttr{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@utam0k I assume you are making this suggestion to make it possible for us to use ID mapped mounts? Assuming yes, perhaps later this week, after deploy is done, you can spend <4 hours testing this in a workspace-preview?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Roger that.
For some reason, this sample code always uses I believe we have to do like that. This code comes from the man of mount_setattr(2), ret = mount_setattr(fd_tree, "",
AT_EMPTY_PATH | (recursive ? AT_RECURSIVE : 0),
attr, sizeof(struct mount_attr)); |
@utam0k that is included in the util-linux change |
Description
Adds support for idmapped mounts, alongside shiftfs and fuse-overlayfs
Related Issue(s)
Fixes #10181
How to test
idmapped
as fs shift methodRelease Notes
Documentation
Werft options:
If enabled this will build
install/preview
Valid options are
all
,workspace
,webapp
,ide