
Introduce a new xattr "user.fuseoverlayfs.override_stat" that permits overriding the reported uid/gid/mode for lower layers.

It enables sharing storage among different users.

Since it is not possible to use "user.*" xattrs for symlinks, provide also a privileged variant "security.fuseoverlayfs.override_stat", so the root user can create the xattr for symlinks as well.

A script "fix-mode.py" is provided for converting an existing layer/storage to the new model. It is a destructive operation as every file is converted to mode 0755, thus it is not usable anymore with native overlay, or older versions of fuse-overlayfs.

Example with Podman:

Rootless:

Modify /.config/containers/storage.conf and add under storage.options:

additionalimagestores = ["/var/lib/shared-storage"]

Assuming an empty local storage for the user:

$ podman images
REPOSITORY                TAG     IMAGE ID      CREATED      SIZE    ReadOnly
docker.io/library/fedora  latest  a368cbcfa678  5 weeks ago  189 MB  true

and the files show the original mode and owner:

$ podman run --read-only --rm -ti docker.io/library/fedora ls -l /
lrwxrwxrwx. 1 root root 7 Jan 28 2020 bin -> usr/bin
dr-xr-xr-x. 2 root root 6 Jan 28 2020 boot
drwxr-xr-x. 5 root root 360 Aug 15 13:26 dev
drwxr-xr-x. 41 root root 4096 Jul 9 06:48 etc
drwxr-xr-x. 2 root root 6 Jan 28 2020 home
lrwxrwxrwx. 1 root root 7 Jan 28 2020 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jan 28 2020 lib64 -> usr/lib64
drwx------. 2 root root 6 Jul 9 06:48 lost+found
drwxr-xr-x. 2 root root 6 Jan 28 2020 media
drwxr-xr-x. 2 root root 6 Jan 28 2020 mnt
drwxr-xr-x. 2 root root 6 Jan 28 2020 opt
dr-xr-xr-x. 436 nobody nobody 0 Aug 15 13:26 proc
dr-xr-x---. 2 root root 196 Jul 9 06:48 root
drwxrwxrwt. 3 root root 80 Aug 15 13:26 run
lrwxrwxrwx. 1 root root 8 Jan 28 2020 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Jan 28 2020 srv
dr-xr-xr-x. 13 nobody nobody 0 Aug 5 21:38 sys
drwxrwxrwt. 2 root root 60 Aug 15 13:26 tmp
drwxr-xr-x. 12 root root 144 Jul 9 06:48 usr
drwxr-xr-x. 18 root root 235 Jul 9 06:48 var

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
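An added example, not part of the commit or the project's code: a read-only audit of a converted shared store that computes the uid/gid/mode each override xattr would report and flags setuid-root, setgid and world-writable results. It assumes the xattr value has the form uid:gid:mode with an octal mode, which the commit message does not state; all function names are hypothetical.

```python
import os
import stat

# Both names come from the commit message; the privileged one exists for symlinks.
XATTRS = ("user.fuseoverlayfs.override_stat", "security.fuseoverlayfs.override_stat")

def parse_override_stat(value):
    """ASSUMPTION: the value is b'uid:gid:mode' with the mode in octal."""
    parts = value.decode("ascii").rstrip("\x00").split(":")
    if len(parts) != 3:
        raise ValueError("expected uid:gid:mode, got %r" % (value,))
    uid, gid, mode = int(parts[0]), int(parts[1]), int(parts[2], 8)
    if uid < 0 or gid < 0 or mode & ~0o7777:
        raise ValueError("field out of range in %r" % (value,))
    return uid, gid, mode

def reported_stat(disk_mode, value):
    """Owner and permission bits come from the xattr, the file type from disk."""
    uid, gid, mode = parse_override_stat(value)
    return uid, gid, stat.S_IFMT(disk_mode) | mode

def findings(uid, gid, mode):
    """Reported attributes an operator of a shared store would want to review."""
    out = []
    if mode & stat.S_ISUID and uid == 0:
        out.append("setuid-root")
    if mode & stat.S_ISGID and not stat.S_ISDIR(mode):
        out.append("setgid")
    if mode & stat.S_IWOTH and not stat.S_ISLNK(mode) and not mode & stat.S_ISVTX:
        out.append("world-writable")
    return out

def audit(root, getxattr=None):
    """Yield (path, xattr, uid, gid, mode, findings) for each override under root."""
    getxattr = getxattr or os.getxattr  # injectable so the logic is testable
    for dirpath, dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in dirs + files):
            for attr in XATTRS:
                try:
                    value = getxattr(path, attr, follow_symlinks=False)
                except OSError:
                    continue  # xattr absent, unsupported or unreadable
                try:
                    uid, gid, mode = reported_stat(os.lstat(path).st_mode, value)
                except ValueError:
                    yield path, attr, None, None, None, ["malformed"]
                    continue
                yield path, attr, uid, gid, mode, findings(uid, gid, mode)
```

Because the on-disk mode of every converted file is 0755, the reported mode computed here is the only place where setuid or write bits of the original layer remain visible.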
fuse-overlayfs
An implementation of overlay+shiftfs in FUSE for rootless containers.
Usage:
$ fuse-overlayfs -o lowerdir=lowerdir/a:lowerdir/b,upperdir=up,workdir=workdir merged
Specify a different UID/GID mapping:
$ fuse-overlayfs -o uidmapping=0:10:100:100:10000:2000,gidmapping=0:10:100:100:10000:2000,lowerdir=lowerdir/a:lowerdir/b,upperdir=up,workdir=workdir merged
Requirements:
If you are not using the static build as explained in the next chapter, your system needs libfuse > v3.2.1.
- On Fedora:
dnf install fuse3-devel
- On Ubuntu > v19.04:
apt install libfuse3-dev
Also, please note that, when using fuse-overlayfs from a user namespace (for example, when using rootless podman) a Linux Kernel > v4.18.0 is required.
Static Build:
This project provides a convenient way to automatically perform a static build using a container. The result is a self-contained binary without dependencies, that can be copied across hosts.
- Install buildah as explained here;
- Both the build and deploy host require the special device /dev/fuse; there are a few ways to obtain it:
  - install fuse2 or fuse3 using the package manager of your choice (dnf, apt, pacman, etc): the install script will usually create the device automatically; or
  - manually create the device with the command (see this code):
    mknod /dev/fuse -m 0666 c 10 229
- Clone this repository, and switch to the top-level folder containing the file "Dockerfile.static.ubuntu";
- Launch the build with the command (note the single dot . at the end):
  buildah bud -v $PWD:/build/fuse-overlayfs -t fuse-overlayfs -f ./Dockerfile.static.ubuntu .
- Copy the resulting binary to your host:
  sudo cp fuse-overlayfs /usr/bin/