make sure the inodes are created with mode 0755 when using
xattr_permissions, otherwise the original permission could prevent
running on NFS. Requires Linux 5.9 for NFS with xattr support.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
since these files need the -v option that is not present with Docker,
rename the files to Containerfile to avoid confusion.
more info: https://twitter.com/cpuguy83/status/1313523894536429568
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if the reference held by the directory is the last one, it would miss
to clean up the inode. Fix it by calling do_forget.
Closes: https://github.com/containers/fuse-overlayfs/issues/238
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
adding the .wh. prefix could cause the lookup to cross the f_namemax
limit and fail the lookup with ENAMETOOLONG. If the lookup fails with
ENAMETOOLONG then the whiteout file doesn't exist.
Closes: https://github.com/containers/fuse-overlayfs/issues/236
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
honor the specified flags to fchownat.
commit 50787d38278fa41c1b3f8167ccfe13ec83d9a063 introduced the
regression.
Closes: https://github.com/containers/fuse-overlayfs/issues/233
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
utils.c: file_exists_at: fallback to `fstatat` when `faccessat` fails with `EINVAL` (on musl).
.travis.yml: alpine test added.
main.c: reallocate path before appending.
Closes#174.
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
introduce a new xattr "user.fuseoverlayfs.override_stat" that permit
to override the reported uid/gid/mode for lower layers.
It enables sharing storage among different users.
Since it is not possible to use "user.*" xattrs for symlinks, provide
also a privileged variant "security.fuseoverlayfs.override_stat", so
the root user can create the xattr for symlinks as well.
A script "fix-mode.py" is provided for converting an existing
layer/storage to the new model. It is a destructive operation as
every file is converted to mode 0755, thus it is not usable anymore
with native overlay, or older versions of fuse-overlayfs.
Example with Podman:
Rootless:
Modify /.config/containers/storage.conf and add under storage.options:
additionalimagestores = ["/var/lib/shared-storage"]
Assuming an empty local storage for the user:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE ReadOnly
docker.io/library/fedora latest a368cbcfa678 5 weeks ago 189 MB true
and the files show the original mode and owner:
$ podman run --read-only --rm -ti docker.io/library/fedora ls -l /
lrwxrwxrwx. 1 root root 7 Jan 28 2020 bin -> usr/bin
dr-xr-xr-x. 2 root root 6 Jan 28 2020 boot
drwxr-xr-x. 5 root root 360 Aug 15 13:26 dev
drwxr-xr-x. 41 root root 4096 Jul 9 06:48 etc
drwxr-xr-x. 2 root root 6 Jan 28 2020 home
lrwxrwxrwx. 1 root root 7 Jan 28 2020 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jan 28 2020 lib64 -> usr/lib64
drwx------. 2 root root 6 Jul 9 06:48 lost+found
drwxr-xr-x. 2 root root 6 Jan 28 2020 media
drwxr-xr-x. 2 root root 6 Jan 28 2020 mnt
drwxr-xr-x. 2 root root 6 Jan 28 2020 opt
dr-xr-xr-x. 436 nobody nobody 0 Aug 15 13:26 proc
dr-xr-x---. 2 root root 196 Jul 9 06:48 root
drwxrwxrwt. 3 root root 80 Aug 15 13:26 run
lrwxrwxrwx. 1 root root 8 Jan 28 2020 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jan 28 2020 srv
dr-xr-xr-x. 13 nobody nobody 0 Aug 5 21:38 sys
drwxrwxrwt. 2 root root 60 Aug 15 13:26 tmp
drwxr-xr-x. 12 root root 144 Jul 9 06:48 usr
drwxr-xr-x. 18 root root 235 Jul 9 06:48 var
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
