main: add a mount flag to disable ACLs

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2021-09-15 12:21:51 +02:00
parent b47bccfc0d
commit 30791df55f
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
4 changed files with 41 additions and 30 deletions

@ -1,55 +1,55 @@
.nh .nh
.TH fuse\-overlayfs 1 "User Commands" .TH fuse-overlayfs 1 "User Commands"
.SH NAME .SH NAME
.PP .PP
fuse\-overlayfs \- overlayfs FUSE implementation fuse-overlayfs - overlayfs FUSE implementation
.SH SYNOPSIS .SH SYNOPSIS
.PP .PP
mounting mounting
fuse\-overlayfs [\-f] [\-\-debug] [\-o OPTS] MOUNT\_TARGET fuse-overlayfs [-f] [--debug] [-o OPTS] MOUNT_TARGET
.PP .PP
unmounting unmounting
fusermount \-u mountpoint fusermount -u mountpoint
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
fuse\-overlayfs provides an overlayfs FUSE implementation so that it fuse-overlayfs provides an overlayfs FUSE implementation so that it
can be used since Linux 4.18 by unprivileged users in an user can be used since Linux 4.18 by unprivileged users in an user
namespace. namespace.
.SH OPTIONS .SH OPTIONS
.PP .PP
\fB\-\-debug\fP \fB--debug\fP
Enable debugging mode, can be very noisy. Enable debugging mode, can be very noisy.
.PP .PP
\fB\-o lowerdir=low1[:low2...]\fP \fB-o lowerdir=low1[:low2...]\fP
A list of directories separated by \fB\fC:\fR\&. Their content is merged. A list of directories separated by \fB\fC:\fR\&. Their content is merged.
.PP .PP
\fB\-o upperdir=upperdir\fP \fB-o upperdir=upperdir\fP
A directory merged on top of all the lowerdirs where all the changes A directory merged on top of all the lowerdirs where all the changes
done to the file system will be written. done to the file system will be written.
.PP .PP
\fB\-o workdir=workdir\fP \fB-o workdir=workdir\fP
A directory used internally by fuse\-overlays, must be on the same file A directory used internally by fuse-overlays, must be on the same file
system as the upper dir. system as the upper dir.
.PP .PP
\fB\-o uidmapping=UID:MAPPED\-UID:LEN[,UID2:MAPPED\-UID2:LEN2]\fP \fB-o uidmapping=UID:MAPPED-UID:LEN[,UID2:MAPPED-UID2:LEN2]\fP
\fB\-o gidmapping=GID:MAPPED\-GID:LEN[,GID2:MAPPED\-GID2:LEN2]\fP \fB-o gidmapping=GID:MAPPED-GID:LEN[,GID2:MAPPED-GID2:LEN2]\fP
Specifies the dynamic UID/GID mapping used by fuse\-overlayfs when Specifies the dynamic UID/GID mapping used by fuse-overlayfs when
reading/writing files to the system. reading/writing files to the system.
.PP .PP
The fuse\-overlayfs dynamic mapping is an alternative and cheaper way The fuse-overlayfs dynamic mapping is an alternative and cheaper way
to chown'ing the files on the host to accommodate the user namespace to chown'ing the files on the host to accommodate the user namespace
settings. settings.
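Review bot: this hunk is regeneration churn rather than part of the noacl change, with every `\-` rewritten to `-` and `\_` to `_` (`.TH fuse\-overlayfs` to `.TH fuse-overlayfs`, `[\-f] [\-\-debug] [\-o OPTS] MOUNT\_TARGET` to `[-f] [--debug] [-o OPTS] MOUNT_TARGET`), which is what a different go-md2man version produces. In groff a bare `-` may be rendered as a typographic hyphen rather than the ASCII hyphen-minus, so option text copied from the formatted page may not be accepted on the command line; either keep the `\-` escapes for options, or split the regeneration into its own commit that names the tool version so the noacl change stays reviewable on its own.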
@ -62,13 +62,13 @@ without requiring to chown the files.
For example, given on the host two files like: For example, given on the host two files like:
.PP .PP
$ stat \-c %u:%g lower/a lower/b $ stat -c %u:%g lower/a lower/b
0:0 0:0
1:1 1:1
.PP .PP
When we run in a user namespace with the following configuration: When we run in a user namespace with the following configuration:
$ cat /proc/self/uid\_map $ cat /proc/self/uid_map
0 1000 1 0 1000 1
1 110000 65536 1 110000 65536
@ -76,7 +76,7 @@ $ cat /proc/self/uid\_map
We would see: We would see:
.PP .PP
$ stat \-c %u:%g merged/a merged/b $ stat -c %u:%g merged/a merged/b
65534:65534 65534:65534
65534:65534 65534:65534
@ -86,13 +86,13 @@ user namespace. This happens because both users 0:0 and 1:1 are not
mapped. mapped.
.PP .PP
In the above example, if we mount the fuse\-overlayfs file system using: In the above example, if we mount the fuse-overlayfs file system using:
\fB\fC\-ouidmapping=0:1000:1:1:110000:65536,gidmapping=0:1000:1:1:110000:65536\fR, \fB\fC-ouidmapping=0:1000:1:1:110000:65536,gidmapping=0:1000:1:1:110000:65536\fR,
which is the namespace configuration specified on a single line, we'd which is the namespace configuration specified on a single line, we'd
see from the same user namespace: see from the same user namespace:
.PP .PP
$ stat \-c %u:%g merged/a merged/b $ stat -c %u:%g merged/a merged/b
0:0 0:0
1:1 1:1
@ -100,20 +100,20 @@ $ stat \-c %u:%g merged/a merged/b
Those are the same IDs visible from outside the user namespace. Those are the same IDs visible from outside the user namespace.
.PP .PP
\fB\-o squash\_to\_root\fP \fB-o squash_to_root\fP
Every file and directory is owned by the root user (0:0). Every file and directory is owned by the root user (0:0).
.PP .PP
\fB\-o squash\_to\_uid=uid\fP \fB-o squash_to_uid=uid\fP
\fB\-o squash\_to\_gid=gid\fP \fB-o squash_to_gid=gid\fP
Every file and directory is owned by the specified uid or gid. Every file and directory is owned by the specified uid or gid.
.PP .PP
It has higher precedence over \fBsquash\_to\_root\fP\&. It has higher precedence over \fBsquash_to_root\fP\&.
.PP .PP
\fB\-o static\_nlink\fP \fB-o static_nlink\fP
Set st\_nlink to the static value 1 for all directories. Set st_nlink to the static value 1 for all directories.
.PP .PP
This can be useful for higher latency file systems such as NFS, where This can be useful for higher latency file systems such as NFS, where
@ -121,13 +121,17 @@ counting the number of hard links for a directory with many files can
be a slow operation. With this option enabled, the number of hard be a slow operation. With this option enabled, the number of hard
links reported when running stat for any directory is 1. links reported when running stat for any directory is 1.
.PP
\fB-o noacl\fP
Disable ACL support in the FUSE file system.
.SH SEE ALSO .SH SEE ALSO
.PP .PP
\fBfuse\fP(8), \fBmount\fP(8), \fBuser\_namespaces\fP(7) \fBfuse\fP(8), \fBmount\fP(8), \fBuser_namespaces\fP(7)
.SH AVAILABILITY .SH AVAILABILITY
.PP .PP
The fuse\-overlayfs command is available from The fuse-overlayfs command is available from
\fBhttps://github.com/containers/fuse\-overlayfs\fP under GNU GENERAL PUBLIC LICENSE Version 3 or later. \fBhttps://github.com/containers/fuse-overlayfs\fP under GNU GENERAL PUBLIC LICENSE Version 3 or later.
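Review bot: the new `\fB-o noacl\fP` entry says only "Disable ACL support in the FUSE file system.", which does not tell the reader what actually changes; the only behavioural change in main.c is that `FUSE_CAP_POSIX_ACL` is no longer requested from the kernel, so the text should say that POSIX ACL handling is left off even when the kernel offers it, and give the case in which a user would want that. Since this page is generated from the markdown (`.nh`, `\fB\fC...\fR\&`), the wording fix belongs in the markdown source and should then be regenerated here.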

@ -97,6 +97,9 @@ counting the number of hard links for a directory with many files can
be a slow operation. With this option enabled, the number of hard be a slow operation. With this option enabled, the number of hard
links reported when running stat for any directory is 1. links reported when running stat for any directory is 1.
**-o noacl**
Disable ACL support in the FUSE file system.
# SEE ALSO # SEE ALSO
**fuse**(8), **mount**(8), **user_namespaces**(7) **fuse**(8), **mount**(8), **user_namespaces**(7)

@ -92,6 +92,7 @@ struct ovl_data
double timeout; double timeout;
int threaded; int threaded;
int fsync; int fsync;
int noacl;
int fast_ino_check; int fast_ino_check;
int writeback; int writeback;
int disable_xattrs; int disable_xattrs;

main.c

@ -227,6 +227,8 @@ static const struct fuse_opt ovl_opts[] = {
offsetof (struct ovl_data, static_nlink), 1}, offsetof (struct ovl_data, static_nlink), 1},
{"volatile", /* native overlay supports "volatile" to mean fsync=0. */ {"volatile", /* native overlay supports "volatile" to mean fsync=0. */
offsetof (struct ovl_data, fsync), 0}, offsetof (struct ovl_data, fsync), 0},
{"noacl",
offsetof (struct ovl_data, noacl), 1},
FUSE_OPT_END FUSE_OPT_END
}; };
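Review bot: the `{"noacl", offsetof (struct ovl_data, noacl), 1}` entry deserves a short comment like the `"volatile"` entry above it, stating that the name mirrors the generic mount(8) `noacl` option and that there is deliberately no `acl` counterpart to switch it back on. Without an opposite option, a caller that appends `-o noacl` to a shared options string cannot override it later in the same string, which is fine as a design choice but should be stated in the man page.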
@ -427,7 +429,7 @@ ovl_init (void *userdata, struct fuse_conn_info *conn)
if ((conn->capable & FUSE_CAP_WRITEBACK_CACHE) == 0) if ((conn->capable & FUSE_CAP_WRITEBACK_CACHE) == 0)
lo->writeback = 0; lo->writeback = 0;
if (conn->capable & FUSE_CAP_POSIX_ACL) if ((lo->noacl == 0) && (conn->capable & FUSE_CAP_POSIX_ACL))
conn->want |= FUSE_CAP_POSIX_ACL; conn->want |= FUSE_CAP_POSIX_ACL;
conn->want |= FUSE_CAP_DONT_MASK | FUSE_CAP_SPLICE_READ | FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE; conn->want |= FUSE_CAP_DONT_MASK | FUSE_CAP_SPLICE_READ | FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE;
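Review bot: `if ((lo->noacl == 0) && (conn->capable & FUSE_CAP_POSIX_ACL))` silently takes the same path whether the user passed `noacl` or the kernel simply lacks `FUSE_CAP_POSIX_ACL`, so there is no way to tell from the outside which of the two happened; add a debug-level message in `ovl_init` reporting whether POSIX ACL support was requested, and why not when it was not. Checking `lo->noacl` first is correct so the capability is never requested when the option is set.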
@ -5515,6 +5517,7 @@ main (int argc, char *argv[])
.redirect_dir = NULL, .redirect_dir = NULL,
.mountpoint = NULL, .mountpoint = NULL,
.fsync = 1, .fsync = 1,
.noacl = 0,
.squash_to_uid = -1, .squash_to_uid = -1,
.squash_to_gid = -1, .squash_to_gid = -1,
.static_nlink = 0, .static_nlink = 0,