16 Commits

Author SHA1 Message Date
Giuseppe Scrivano
25432c4b52
direct: treat statx EINVAL as ENOSYS
glibc has a fallback code on ENOSYS that can cause EINVAL.

Attempt the fallback on both errors.

Closes: https://github.com/containers/fuse-overlayfs/issues/311

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-08-04 21:28:25 +02:00
Giuseppe Scrivano
4ad759b35a
fuse-overlayfs: fix read xattrs for devices
always use llistxattr and lgetxattr for listing and reading xattrs so
that the open/openat2 call doesn't fail when accessing a device.

Closes: https://github.com/containers/fuse-overlayfs/issues/312

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-07-28 13:03:55 +02:00
Giuseppe Scrivano
3cb30d4c11
main: honor user.containers.override_stat
also honor user.containers.override_stat to override containers stat
override as it is set by containers/storage.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-11-06 13:19:51 +01:00
Giuseppe Scrivano
3dbb7d9bd5
main: move stat override mode to enum
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-11-06 13:17:14 +01:00
Giuseppe Scrivano
de2fc6b14c
main: always remap ids when specified
if a mapping is specified, make sure it is always honored, also when
using xattr permissions.

Closes: https://github.com/containers/fuse-overlayfs/issues/253

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-11-02 11:55:21 +01:00
Giuseppe Scrivano
b8086b58fa
main: support writing uid/gid/mode to xattr
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-08-21 19:52:28 +02:00
Giuseppe Scrivano
5c7fc2856a
direct: move override_mode to utils
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-08-21 16:52:26 +02:00
Giuseppe Scrivano
ab407f7c9e
direct: store if the layer must be remapped
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-08-21 16:02:59 +02:00
Giuseppe Scrivano
63abdc1138
fuse-overlays: introduce xattr to override gid/uid/mode
introduce a new xattr "user.fuseoverlayfs.override_stat" that permits
overriding the reported uid/gid/mode for lower layers.

It enables sharing storage among different users.

Since it is not possible to use "user.*" xattrs for symlinks, provide
also a privileged variant "security.fuseoverlayfs.override_stat", so
the root user can create the xattr for symlinks as well.

A script "fix-mode.py" is provided for converting an existing
layer/storage to the new model.  It is a destructive operation as
every file is converted to mode 0755, thus it is not usable anymore
with native overlay, or older versions of fuse-overlayfs.

Example with Podman:

Rootless:
Modify /.config/containers/storage.conf and add under storage.options:
additionalimagestores = ["/var/lib/shared-storage"]

Assuming an empty local storage for the user:

$ podman images
REPOSITORY                TAG     IMAGE ID      CREATED      SIZE    ReadOnly
docker.io/library/fedora  latest  a368cbcfa678  5 weeks ago  189 MB  true

and the files show the original mode and owner:

$ podman run --read-only --rm -ti docker.io/library/fedora ls -l /
lrwxrwxrwx.   1 root   root      7 Jan 28  2020 bin -> usr/bin
dr-xr-xr-x.   2 root   root      6 Jan 28  2020 boot
drwxr-xr-x.   5 root   root    360 Aug 15 13:26 dev
drwxr-xr-x.  41 root   root   4096 Jul  9 06:48 etc
drwxr-xr-x.   2 root   root      6 Jan 28  2020 home
lrwxrwxrwx.   1 root   root      7 Jan 28  2020 lib -> usr/lib
lrwxrwxrwx.   1 root   root      9 Jan 28  2020 lib64 -> usr/lib64
drwx------.   2 root   root      6 Jul  9 06:48 lost+found
drwxr-xr-x.   2 root   root      6 Jan 28  2020 media
drwxr-xr-x.   2 root   root      6 Jan 28  2020 mnt
drwxr-xr-x.   2 root   root      6 Jan 28  2020 opt
dr-xr-xr-x. 436 nobody nobody    0 Aug 15 13:26 proc
dr-xr-x---.   2 root   root    196 Jul  9 06:48 root
drwxrwxrwt.   3 root   root     80 Aug 15 13:26 run
lrwxrwxrwx.   1 root   root      8 Jan 28  2020 sbin -> usr/sbin
drwxr-xr-x.   2 root   root      6 Jan 28  2020 srv
dr-xr-xr-x.  13 nobody nobody    0 Aug  5 21:38 sys
drwxrwxrwt.   2 root   root     60 Aug 15 13:26 tmp
drwxr-xr-x.  12 root   root    144 Jul  9 06:48 usr
drwxr-xr-x.  18 root   root    235 Jul  9 06:48 var

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-08-17 14:01:17 +02:00
Asaf Kahlon
27a01e622e
direct.c: fix compilation with musl
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
2020-06-22 20:48:36 +03:00
Giuseppe Scrivano
fb8eb3300e
main: use openat2 where available
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-04-21 18:33:33 +02:00
Giuseppe Scrivano
f787603a30
fuse-overlayfs: add missing definitions for _FILE_OFFSET_BITS
it caused an issue on armv7h where different versions of dirent struct
were used in main.c and in the other files.

Regression introduced with c2c2ac5b82fb59322da227d196214b4a58ede634

Closes: https://github.com/containers/fuse-overlayfs/issues/197

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-04-15 10:18:30 +02:00
Giuseppe Scrivano
1c490d91d8
plugins: allow to manage multiple layers with a ds
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-24 13:52:34 +02:00
Giuseppe Scrivano
9f6f90a6da
direct: use statx when available
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-20 22:06:40 +02:00
Giuseppe Scrivano
b28a23a39d
fuse-overlayfs: add plugin system
Add a simple plugin mechanism that will help to expand fuse-overlayfs
functionalities; in particular, it allows loading data from a layer on
demand.

A plugin is loaded into fuse-overlayfs using the option:

-o plugins=path/to/plugin.so:path/to/another/plugin.so

A layer can use a plugin with the syntax:

-o lowerdir=//plugin-name/DATA-FOR-THE-PLUGIN/path

Each time a file/directory is looked up, if a plugin is registered for
a layer, the plugin is first notified about the request.

After the callback is invoked, fuse-overlayfs still expects the data
to be accessible at the specified directory.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-20 22:06:39 +02:00
Giuseppe Scrivano
c2c2ac5b82
main: split the code in multiple files
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-20 19:44:20 +02:00