beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/daemon/archive_unix.go

229 lines
6.3 KiB
Go
Raw Normal View History

Update to Go 1.17.0, and gofmt with Go 1.17 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 13:14:53 +00:00
//go:build !windows
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 21:05:59 +00:00
package daemon // import "github.com/docker/docker/daemon"
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
Remove package daemonbuilder. Currently, daemonbuilder package (part of daemon) implemented the builder backend. However, it was a very thin wrapper around daemon methods and caused an implementation dependency for api/server build endpoint. api/server buildrouter should only know about the backend implementing the /build API endpoint. Removing daemonbuilder involved moving build specific methods to respective files in the daemon, where they fit naturally. Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-01-20 23:32:02 +00:00
import (
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
"context"
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
"io"
"os"
"path/filepath"
"github.com/docker/docker/api/types"
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
"github.com/docker/docker/api/types/events"
Windows: docker cp consistent paths Signed-off-by: John Howard <jhoward@microsoft.com>
2016-04-27 02:26:12 +00:00
"github.com/docker/docker/container"
daemon: replace ErrVolumeReadonly with errdefs It was only used in a single location, and the ErrVolumeReadonly was not checked for, or used as a sentinel error. This error was introduced in c32dde5baadc8c472666ef9d5cead13ab6de28ea. It was never used as a sentinel error, but from that commit, it looks like it was added as a package variable to mirror already existing errors defined at the package level. This patch removes the exported variable, and replaces the error with an errdefs.InvalidParameter(), so that the API also returns the correct (400) status code. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-27 20:17:27 +00:00
"github.com/docker/docker/errdefs"
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
"github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/ioutils"
Move mount parsing to separate package. This moves the platform specific stuff in a separate package and keeps the `volume` package and the defined interfaces light to import. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-04-17 20:50:28 +00:00
volumemounts "github.com/docker/docker/volume/mounts"
daemon: replace ErrVolumeReadonly with errdefs It was only used in a single location, and the ErrVolumeReadonly was not checked for, or used as a sentinel error. This error was introduced in c32dde5baadc8c472666ef9d5cead13ab6de28ea. It was never used as a sentinel error, but from that commit, it looks like it was added as a package variable to mirror already existing errors defined at the package level. This patch removes the exported variable, and replaces the error with an errdefs.InvalidParameter(), so that the API also returns the correct (400) status code. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-27 20:17:27 +00:00
"github.com/pkg/errors"
Remove package daemonbuilder. Currently, daemonbuilder package (part of daemon) implemented the builder backend. However, it was a very thin wrapper around daemon methods and caused an implementation dependency for api/server build endpoint. api/server buildrouter should only know about the backend implementing the /build API endpoint. Removing daemonbuilder involved moving build specific methods to respective files in the daemon, where they fit naturally. Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-01-20 23:32:02 +00:00
)
Move Container to its own package. So other packages don't need to import the daemon package when they want to use this struct. Signed-off-by: David Calavera <david.calavera@gmail.com> Signed-off-by: Tibor Vass <tibor@docker.com>
2015-11-12 19:55:17 +00:00
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
// containerStatPath stats the filesystem resource at the specified path in this
// container. Returns stat info about the resource.
func (daemon *Daemon) containerStatPath(container *container.Container, path string) (stat *types.ContainerPathStat, err error) {
container.Lock()
defer container.Unlock()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs, err := daemon.openContainerFS(container)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return nil, err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
defer cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
return cfs.Stat(context.TODO(), path)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
}
// containerArchivePath creates an archive of the filesystem resource at the specified
// path in this container. Returns a tar archive of the resource and stat info
// about the resource.
func (daemon *Daemon) containerArchivePath(container *container.Container, path string) (content io.ReadCloser, stat *types.ContainerPathStat, err error) {
container.Lock()
defer func() {
if err != nil {
// Wait to unlock the container until the archive is fully read
// (see the ReadCloseWrapper func below) or if there is an error
// before that occurs.
container.Unlock()
}
}()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs, err := daemon.openContainerFS(container)
if err != nil {
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return nil, nil, err
}
defer func() {
if err != nil {
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
}
}()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
absPath := archive.PreserveTrailingDotOrSeparator(filepath.Join("/", path), path)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
stat, err = cfs.Stat(context.TODO(), absPath)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return nil, nil, err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
sourceDir, sourceBase := absPath, "."
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if stat.Mode&os.ModeDir == 0 { // not dir
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
sourceDir, sourceBase = filepath.Split(absPath)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
}
opts := archive.TarResourceRebaseOpts(sourceBase, filepath.Base(absPath))
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
tb, err := archive.NewTarballer(sourceDir, opts)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return nil, nil, err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs.GoInFS(context.TODO(), tb.Do)
data := tb.Reader()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
content = ioutils.NewReadCloserWrapper(data, func() error {
err := data.Close()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
_ = cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
container.Unlock()
return err
})
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
daemon.LogContainerEvent(container, events.ActionArchivePath)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return content, stat, nil
}
// containerExtractToDir extracts the given tar archive to the specified location in the
// filesystem of this container. The given path must be of a directory in the
// container. If it is not, the error will be an errdefs.InvalidParameter. If
// noOverwriteDirNonDir is true then it will be an error if unpacking the
// given content would cause an existing directory to be replaced with a non-
// directory and vice versa.
func (daemon *Daemon) containerExtractToDir(container *container.Container, path string, copyUIDGID, noOverwriteDirNonDir bool, content io.Reader) (err error) {
container.Lock()
defer container.Unlock()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs, err := daemon.openContainerFS(container)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
defer cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
err = cfs.RunInFS(context.TODO(), func() error {
// The destination path needs to be resolved with all symbolic links
// followed. Note that we need to also evaluate the last path element if
// it is a symlink. This is so that you can extract an archive to a
// symlink that points to a directory.
absPath, err := filepath.EvalSymlinks(filepath.Join("/", path))
if err != nil {
return err
}
absPath = archive.PreserveTrailingDotOrSeparator(absPath, path)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
stat, err := os.Lstat(absPath)
if err != nil {
return err
}
if !stat.IsDir() {
return errdefs.InvalidParameter(errors.New("extraction point is not a directory"))
}
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
// Need to check if the path is in a volume. If it is, it cannot be in a
// read-only volume. If it is not in a volume, the container cannot be
// configured with a read-only rootfs.
toVolume, err := checkIfPathIsInAVolume(container, absPath)
if err != nil {
return err
}
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
if !toVolume && container.HostConfig.ReadonlyRootfs {
return errdefs.InvalidParameter(errors.New("container rootfs is marked read-only"))
}
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
options := daemon.defaultTarCopyOptions(noOverwriteDirNonDir)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
if copyUIDGID {
var err error
// tarCopyOptions will appropriately pull in the right uid/gid for the
// user/group and will set the options.
options, err = daemon.tarCopyOptions(container, noOverwriteDirNonDir)
if err != nil {
return err
}
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
return archive.Untar(content, absPath, options)
})
if err != nil {
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return err
}
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
daemon.LogContainerEvent(container, events.ActionExtractToDir)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return nil
}
func (daemon *Daemon) containerCopy(container *container.Container, resource string) (rc io.ReadCloser, err error) {
container.Lock()
defer func() {
if err != nil {
// Wait to unlock the container until the archive is fully read
// (see the ReadCloseWrapper func below) or if there is an error
// before that occurs.
container.Unlock()
}
}()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs, err := daemon.openContainerFS(container)
if err != nil {
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return nil, err
}
defer func() {
if err != nil {
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
}
}()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
err = cfs.RunInFS(context.TODO(), func() error {
_, err := os.Stat(resource)
return err
})
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return nil, err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
tb, err := archive.NewTarballer(resource, &archive.TarOptions{
Compression: archive.Uncompressed,
})
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
if err != nil {
return nil, err
}
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
cfs.GoInFS(context.TODO(), tb.Do)
archv := tb.Reader()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
reader := ioutils.NewReadCloserWrapper(archv, func() error {
err := archv.Close()
daemon: archive in a dedicated mount namespace Mounting a container's volumes under its rootfs directory inside the host mount namespace causes problems with cross-namespace mount propagation when /var/lib/docker is bind-mounted into the container as a volume. The mount event propagates into the container's mount namespace, overmounting the volume, but the propagated unmount events do not fully reverse the effect. Each archive operation causes the mount table in the container's mount namespace to grow larger and larger, until the kernel limiton the number of mounts in a namespace is hit. The only solution to this issue which is not subject to race conditions or other blocker caveats is to avoid mounting volumes into the container's rootfs directory in the host mount namespace in the first place. Mount the container volumes inside an unshared mount namespace to prevent any mount events from propagating into any other mount namespace. Greatly simplify the archiving implementations by also chrooting into the container rootfs to sidestep the need to resolve paths in the host. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-12 23:51:20 +00:00
_ = cfs.Close()
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
container.Unlock()
return err
})
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
daemon.LogContainerEvent(container, events.ActionCopy)
daemon: dupe the archive implementation The Linux implementation needs to diverge significantly from the Windows one in order to fix platform-specific bugs. Cut the generic implementation out of daemon/archive.go and paste identical, verbatim copies of that implementation into daemon/archive_{windows,linux}.go to make it easier to compare the progression of changes to the respective implementations through Git history. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-07 22:28:45 +00:00
return reader, nil
}
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
// checkIfPathIsInAVolume checks if the path is in a volume. If it is, it
// cannot be in a read-only volume. If it is not in a volume, the container
// cannot be configured with a read-only rootfs.
Move Container to its own package. So other packages don't need to import the daemon package when they want to use this struct. Signed-off-by: David Calavera <david.calavera@gmail.com> Signed-off-by: Tibor Vass <tibor@docker.com>
2015-11-12 19:55:17 +00:00
func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
var toVolume bool
volume/mounts: remove "containerOS" argument from NewParser (LCOW code) This changes mounts.NewParser() to create a parser for the current operatingsystem, instead of one specific to a (possibly non-matching, in case of LCOW) OS. With the OS-specific handling being removed, the "OS" parameter is also removed from `daemon.verifyContainerSettings()`, and various other container-related functions. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-11 19:01:18 +00:00
parser := volumemounts.NewParser()
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
for _, mnt := range container.MountPoints {
Volume refactoring for LCOW Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-08-01 17:32:44 +00:00
if toVolume = parser.HasResource(mnt, absPath); toVolume {
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
if mnt.RW {
break
}
daemon: replace ErrVolumeReadonly with errdefs It was only used in a single location, and the ErrVolumeReadonly was not checked for, or used as a sentinel error. This error was introduced in c32dde5baadc8c472666ef9d5cead13ab6de28ea. It was never used as a sentinel error, but from that commit, it looks like it was added as a package variable to mirror already existing errors defined at the package level. This patch removes the exported variable, and replaces the error with an errdefs.InvalidParameter(), so that the API also returns the correct (400) status code. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-27 20:17:27 +00:00
return false, errdefs.InvalidParameter(errors.New("mounted volume is marked read-only"))
Windows: Factoring out unused fields Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-16 21:14:58 +00:00
}
}
return toVolume, nil
}
Reference in a new issue Copy permalink