always stop looking up at the upper layer for newly created
directories so to not expose the lower directory content.
Closes: https://github.com/containers/fuse-overlayfs/issues/444
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Allow directory paths specified for lowerdir, upperdir and workdir to
contain colon characters.
Previously, colons were unconditionally treated as separators,
making it impossible to use directories with colons in their names.
Closes: https://github.com/containers/fuse-overlayfs/issues/440
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The major use case of stat override is to enable rootless containers
on network filesystems, and they also lack security xattr support in
non-root user namespaces. Trying to set security xattrs on them result
in ENOTSUP and break things.
It makes little sense to share security xattrs with the underlying
filesystems when overriding stat in the first place. Linux's NFS server
exposes security xattrs only when the user explicitly claims the
security consistencies between the server and clients, and hide them
otherwise. Following this precedent, we should isolate security xattrs
since we know the security policy enforced by fuse-overlayfs is already
distinct from the underlying filesystem when overriding owners and file
mode.
Mark security xattrs inaccessible with STAT_OVERRIDE_CONTAINERS to
prefix all access to them with XATTR_CONTAINERS_OVERRIDE_PREFIX.
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
ovl_setattr () used to pass -1 as uid or gid when either of them
is not changed for do_fchown () / do_chown (), but if these functions
use overriding xattrs instead of real fchown () or chown (), it causes
-1 to be written in owner overriding xattrs and break them.
Replace -1 with the current uid or gid before calling do_fchown () /
do_chown ().
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
The test of fast_ino_check used CentOS Stream 8, which is no longer
supported and whose repositories are no longer available.
While we can update it to use CentOS Stream 9, use Fedora instead for
consistency with the other test cases.
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
The test case for https://github.com/containers/fuse-overlayfs/issues/86
does no longer work because it relies on CentOS Stream 8 repositories,
which are unavailable.
While we can update it to use CentOS Stream 9, the issue says it is
limited to CentOS 6, and it is unclear if the test case will reproduce
the intended scenario with CentOS Stream 8 or 9 so drop it.
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
always use llistxattr and lgetxattr for listing and reading xattrs so
that the open/openat2 call doesn't fail when accessing a device.
Closes: https://github.com/containers/fuse-overlayfs/issues/312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
If a dir is opaque, there's no need to create a whiteout within it as
the opacity will block out any files from lower dirs already anyways.
The kernel's overlay implementation also doesn't currently handle
whiteouts in opaque dirs very well (the whiteout shows up in readdir
calls but can't be stat'd), so this fix also improves compatibility
between fuse-overlay and the kernel's overlay a bit too.
Signed-off-by: Erik Sipsma <erik@sipsma.dev>
if a whiteout was created as part of a rename operation, mark the
directory content as not loaded so to avoid some optimizations when a
whiteout file must be deleted.
Closes: https://github.com/containers/fuse-overlayfs/issues/279
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when device whiteouts are created (supported for unprivileged users in
newer Linux kernels) make sure the RENAME_NOREPLACE flag is dropped
when renaming the file on top of an existing whiteout.
Closes: https://github.com/containers/fuse-overlayfs/issues/273
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if a file is delete and not accessible from the file system, but it is
still referenced, we must be able to open and use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
since these files need the -v option that is not present with Docker,
rename the files to Containerfile to avoid confusion.
more info: https://twitter.com/cpuguy83/status/1313523894536429568
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
utils.c: file_exists_at: fallback to `fstatat` when `faccessat` fails with `EINVAL` (on musl).
.travis.yml: alpine test added.
main.c: reallocate path before appending.
Closes#174.
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
use the full relative path when looking up the whiteout file,
otherwise a whiteout in the upper layer will hide files in
subdirectories.
Closes: https://github.com/containers/fuse-overlayfs/issues/151
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
verify that setting attributes on a dangling symlink work, even if the
file type is different on a lower layer.
Closes: https://github.com/containers/fuse-overlayfs/issues/143
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
correctly read the inode when processing a UNIX socket.
regression introduced by b25bbde64dc5d06373e087d7fae6367acf1fd09e.
Closes: https://github.com/containers/fuse-overlayfs/issues/110
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
introduce a hash map to refer from an inode to the file paths.
A recent change where we enable FUSE writeback by default uncovered an
underlying issue in fuse-overlayfs where changes to a file with
multiple links would not be visible from the other link.
For each inode, maintain a list of nodes that refer to it, so that we
can still access it when a link is removed and more importantly we can
use the inode value with FUSE.
Closes: https://github.com/containers/fuse-overlayfs/issues/108
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1744109
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when reading xattr, if the path cannot be open as it is a directory,
operate on the /proc/fd/FD path.
Closes: https://github.com/containers/fuse-overlayfs/issues/104
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
fix a regression introduced by f64f65287817fecd0 that prevents a
whiteout file to be created on the first unlink.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
