[mirror_lxc.git] / src / lxc / bdev / overlay.c

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <daniel.lezcano at free.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */

#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "bdev.h"
#include "conf.h"
#include "confile.h"
#include "log.h"
#include "lxccontainer.h"
#include "overlay.h"
#include "utils.h"

lxc_log_define(overlay, lxc);

struct ovl_rsync_data {
	struct bdev *orig;
	struct bdev *new;
};

/* defined in lxccontainer.c: needs to become common helper */
extern int do_rsync(const char *src, const char *dest);

/* defined in lxccontainer.c: needs to become common helper */
extern char *dir_new_path(char *src, const char *oldname, const char *name,
			  const char *oldpath, const char *lxcpath);

char *overlay_getlower(char *p)
{
	char *p1 = strchr(p, ':');
	if (p1)
		*p1 = '\0';
	return p;
}

int overlayfs_detect(const char *path)
{
	if (strncmp(path, "overlayfs:", 10) == 0)
		return 1; // take their word for it
	return 0;
}

static char *overlayfs_name;
static char *detect_overlayfs_name(void)
{
	char *v = "overlayfs";
	char *line = NULL;
	size_t len = 0;
	FILE *f = fopen("/proc/filesystems", "r");
	if (!f)
		return v;

	while (getline(&line, &len, f) != -1) {
		if (strcmp(line, "nodev\toverlay\n") == 0) {
			v = "overlay";
			break;
		}
	}

	fclose(f);
	free(line);
	return v;
}

/* XXXXXXX plain directory bind mount ops */
int overlayfs_mount(struct bdev *bdev)
{
	char *options, *dup, *lower, *upper;
	char *options_work, *work, *lastslash;
	int lastslashidx;
	int len, len2;
	unsigned long mntflags;
	char *mntdata;
	int ret, ret2;

	if (strcmp(bdev->type, "overlayfs"))
		return -22;
	if (!bdev->src || !bdev->dest)
		return -22;

	// defined in bdev.c
	if (!overlayfs_name)
		overlayfs_name = detect_overlayfs_name();

	//  separately mount it first
	//  mount -t overlayfs -oupperdir=${upper},lowerdir=${lower} lower dest
	dup = alloca(strlen(bdev->src)+1);
	strcpy(dup, bdev->src);
	if (!(lower = strchr(dup, ':')))
		return -22;
	if (!(upper = strchr(++lower, ':')))
		return -22;
	*upper = '\0';
	upper++;

	// if delta doesn't yet exist, create it
	if (mkdir_p(upper, 0755) < 0 && errno != EEXIST)
		return -22;

	// overlayfs.v22 or higher needs workdir option
	// if upper is /var/lib/lxc/c2/delta0,
	// then workdir is /var/lib/lxc/c2/olwork
	lastslash = strrchr(upper, '/');
	if (!lastslash)
		return -22;
	lastslash++;
	lastslashidx = lastslash - upper;

	work = alloca(lastslashidx + 7);
	strncpy(work, upper, lastslashidx+7);
	strcpy(work+lastslashidx, "olwork");

	if (parse_mntopts(bdev->mntopts, &mntflags, &mntdata) < 0) {
		free(mntdata);
		return -22;
	}

	if (mkdir_p(work, 0755) < 0 && errno != EEXIST) {
		free(mntdata);
		return -22;
	}

	// TODO We should check whether bdev->src is a blockdev, and if so
	// but for now, only support overlays of a basic directory

	if (mntdata) {
		len = strlen(lower) + strlen(upper) + strlen("upperdir=,lowerdir=,") + strlen(mntdata) + 1;
		options = alloca(len);
		ret = snprintf(options, len, "upperdir=%s,lowerdir=%s,%s", upper, lower, mntdata);

		len2 = strlen(lower) + strlen(upper) + strlen(work)
			+ strlen("upperdir=,lowerdir=,workdir=") + strlen(mntdata) + 1;
		options_work = alloca(len2);
		ret2 = snprintf(options, len2, "upperdir=%s,lowerdir=%s,workdir=%s,%s",
				upper, lower, work, mntdata);
	}
	else {
		len = strlen(lower) + strlen(upper) + strlen("upperdir=,lowerdir=") + 1;
		options = alloca(len);
		ret = snprintf(options, len, "upperdir=%s,lowerdir=%s", upper, lower);

		len2 = strlen(lower) + strlen(upper) + strlen(work)
			+ strlen("upperdir=,lowerdir=,workdir=") + 1;
		options_work = alloca(len2);
		ret2 = snprintf(options_work, len2, "upperdir=%s,lowerdir=%s,workdir=%s",
			upper, lower, work);
	}
	if (ret < 0 || ret >= len || ret2 < 0 || ret2 >= len2) {
		free(mntdata);
		return -1;
	}

	// mount without workdir option for overlayfs before v21
	ret = mount(lower, bdev->dest, overlayfs_name, MS_MGC_VAL | mntflags, options);
	if (ret < 0) {
		INFO("overlayfs: error mounting %s onto %s options %s. retry with workdir",
			lower, bdev->dest, options);

		// retry with workdir option for overlayfs v22 and higher
		ret = mount(lower, bdev->dest, overlayfs_name, MS_MGC_VAL | mntflags, options_work);
		if (ret < 0)
			SYSERROR("overlayfs: error mounting %s onto %s options %s",
				lower, bdev->dest, options_work);
		else
			INFO("overlayfs: mounted %s onto %s options %s",
				lower, bdev->dest, options_work);
	}
	else
		INFO("overlayfs: mounted %s onto %s options %s",
			lower, bdev->dest, options);
	return ret;
}

int overlayfs_umount(struct bdev *bdev)
{
	if (strcmp(bdev->type, "overlayfs"))
		return -22;
	if (!bdev->src || !bdev->dest)
		return -22;
	return umount(bdev->dest);
}

static int ovl_rsync(struct ovl_rsync_data *data)
{
	int ret;

	if (setgid(0) < 0) {
		ERROR("Failed to setgid to 0");
		return -1;
	}
	if (setgroups(0, NULL) < 0)
		WARN("Failed to clear groups");
	if (setuid(0) < 0) {
		ERROR("Failed to setuid to 0");
		return -1;
	}

	if (unshare(CLONE_NEWNS) < 0) {
		SYSERROR("Unable to unshare mounts ns");
		return -1;
	}
	if (detect_shared_rootfs()) {
		if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {
			SYSERROR("Failed to make / rslave");
			ERROR("Continuing...");
		}
	}
	if (overlayfs_mount(data->orig) < 0) {
		ERROR("Failed mounting original container fs");
		return -1;
	}
	if (overlayfs_mount(data->new) < 0) {
		ERROR("Failed mounting new container fs");
		return -1;
	}
	ret = do_rsync(data->orig->dest, data->new->dest);

	overlayfs_umount(data->new);
	overlayfs_umount(data->orig);

	if (ret < 0) {
		ERROR("rsyncing %s to %s", data->orig->dest, data->new->dest);
		return -1;
	}

	return 0;
}

static int ovl_rsync_wrapper(void *data)
{
	struct ovl_rsync_data *arg = data;
	return ovl_rsync(arg);
}

static int ovl_do_rsync(struct bdev *orig, struct bdev *new, struct lxc_conf *conf)
{
	int ret = -1;
	struct ovl_rsync_data rdata;

	rdata.orig = orig;
	rdata.new = new;
	if (am_unpriv())
		ret = userns_exec_1(conf, ovl_rsync_wrapper, &rdata);
	else
		ret = ovl_rsync(&rdata);
	if (ret)
		ERROR("copying overlayfs delta");

	return ret;
}

int overlayfs_clonepaths(struct bdev *orig, struct bdev *new, const char *oldname,
		const char *cname, const char *oldpath, const char *lxcpath, int snap,
		uint64_t newsize, struct lxc_conf *conf)
{
	if (!snap) {
		ERROR("overlayfs is only for snapshot clones");
		return -22;
	}

	if (!orig->src || !orig->dest)
		return -1;

	new->dest = dir_new_path(orig->dest, oldname, cname, oldpath, lxcpath);
	if (!new->dest)
		return -1;
	if (mkdir_p(new->dest, 0755) < 0)
		return -1;

	if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
		WARN("Failed to update ownership of %s", new->dest);

	if (strcmp(orig->type, "dir") == 0) {
		char *delta, *lastslash;
		char *work;
		int ret, len, lastslashidx;

		// if we have /var/lib/lxc/c2/rootfs, then delta will be
		//            /var/lib/lxc/c2/delta0
		lastslash = strrchr(new->dest, '/');
		if (!lastslash)
			return -22;
		if (strlen(lastslash) < 7)
			return -22;
		lastslash++;
		lastslashidx = lastslash - new->dest;

		delta = malloc(lastslashidx + 7);
		if (!delta)
			return -1;
		strncpy(delta, new->dest, lastslashidx+1);
		strcpy(delta+lastslashidx, "delta0");
		if ((ret = mkdir(delta, 0755)) < 0) {
			SYSERROR("error: mkdir %s", delta);
			free(delta);
			return -1;
		}
		if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
			WARN("Failed to update ownership of %s", delta);

		// make workdir for overlayfs.v22 or higher
		// workdir is /var/lib/lxc/c2/olwork
		// it is used to prepare files before atomically swithing with destination,
		// and needs to be on the same filesystem as upperdir,
		// so it's OK for it to be empty.
		work = malloc(lastslashidx + 7);
		if (!work) {
			free(delta);
			return -1;
		}
		strncpy(work, new->dest, lastslashidx+1);
		strcpy(work+lastslashidx, "olwork");
		if (mkdir(work, 0755) < 0) {
			SYSERROR("error: mkdir %s", work);
			free(delta);
			free(work);
			return -1;
		}
		if (am_unpriv() && chown_mapped_root(work, conf) < 0)
			WARN("Failed to update ownership of %s", work);
		free(work);

		// the src will be 'overlayfs:lowerdir:upperdir'
		len = strlen(delta) + strlen(orig->src) + 12;
		new->src = malloc(len);
		if (!new->src) {
			free(delta);
			return -ENOMEM;
		}
		ret = snprintf(new->src, len, "overlayfs:%s:%s", orig->src, delta);
		free(delta);
		if (ret < 0 || ret >= len)
			return -ENOMEM;
	} else if (strcmp(orig->type, "overlayfs") == 0) {
		// What exactly do we want to do here?
		// I think we want to use the original lowerdir, with a
		// private delta which is originally rsynced from the
		// original delta
		char *osrc, *odelta, *nsrc, *ndelta, *work;
		char *lastslash;
		int len, ret, lastslashidx;
		if (!(osrc = strdup(orig->src)))
			return -22;
		nsrc = strchr(osrc, ':') + 1;
		if (nsrc != osrc + 10 || (odelta = strchr(nsrc, ':')) == NULL) {
			free(osrc);
			return -22;
		}
		*odelta = '\0';
		odelta++;
		ndelta = dir_new_path(odelta, oldname, cname, oldpath, lxcpath);
		if (!ndelta) {
			free(osrc);
			return -ENOMEM;
		}
		if ((ret = mkdir(ndelta, 0755)) < 0 && errno != EEXIST) {
			SYSERROR("error: mkdir %s", ndelta);
			free(osrc);
			free(ndelta);
			return -1;
		}
		if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
			WARN("Failed to update ownership of %s", ndelta);

		// make workdir for overlayfs.v22 or higher
		// for details, see above.
		lastslash = strrchr(ndelta, '/');
		if (!lastslash)
			return -1;
		lastslash++;
		lastslashidx = lastslash - ndelta;

		work = malloc(lastslashidx + 7);
		if (!work)
			return -1;
		strncpy(work, ndelta, lastslashidx+1);
		strcpy(work+lastslashidx, "olwork");
		if ((mkdir(work, 0755) < 0) && errno != EEXIST) {
			SYSERROR("error: mkdir %s", work);
			free(work);
			return -1;
		}
		if (am_unpriv() && chown_mapped_root(work, conf) < 0)
			WARN("Failed to update ownership of %s", work);
		free(work);

		len = strlen(nsrc) + strlen(ndelta) + 12;
		new->src = malloc(len);
		if (!new->src) {
			free(osrc);
			free(ndelta);
			return -ENOMEM;
		}
		ret = snprintf(new->src, len, "overlayfs:%s:%s", nsrc, ndelta);
		free(osrc);
		free(ndelta);
		if (ret < 0 || ret >= len)
			return -ENOMEM;

		return ovl_do_rsync(orig, new, conf);
	} else {
		ERROR("overlayfs clone of %s container is not yet supported",
			orig->type);
		// Note, supporting this will require overlayfs_mount supporting
		// mounting of the underlay.  No big deal, just needs to be done.
		return -1;
	}

	return 0;
}

int overlayfs_destroy(struct bdev *orig)
{
	char *upper;

	if (strncmp(orig->src, "overlayfs:", 10) != 0)
		return -22;
	upper = strchr(orig->src + 10, ':');
	if (!upper)
		return -22;
	upper++;
	return lxc_rmdir_onedev(upper, NULL);
}

/*
 * to say 'lxc-create -t ubuntu -n o1 -B overlayfs' means you want
 * $lxcpath/$lxcname/rootfs to have the created container, while all
 * changes after starting the container are written to
 * $lxcpath/$lxcname/delta0
 */
int overlayfs_create(struct bdev *bdev, const char *dest, const char *n,
			struct bdev_specs *specs)
{
	char *delta;
	int ret, len = strlen(dest), newlen;

	if (len < 8 || strcmp(dest+len-7, "/rootfs") != 0)
		return -1;

	if (!(bdev->dest = strdup(dest))) {
		ERROR("Out of memory");
		return -1;
	}

	delta = alloca(strlen(dest)+1);
	strcpy(delta, dest);
	strcpy(delta+len-6, "delta0");

	if (mkdir_p(delta, 0755) < 0) {
		ERROR("Error creating %s", delta);
		return -1;
	}

	/* overlayfs:lower:upper */
	newlen = (2 * len) + strlen("overlayfs:") + 2;
	bdev->src = malloc(newlen);
	if (!bdev->src) {
		ERROR("Out of memory");
		return -1;
	}
	ret = snprintf(bdev->src, newlen, "overlayfs:%s:%s", dest, delta);
	if (ret < 0 || ret >= newlen)
		return -1;

	if (mkdir_p(bdev->dest, 0755) < 0) {
		ERROR("Error creating %s", bdev->dest);
		return -1;
	}

	return 0;
}

/*
 * To be called from lxcapi_clone() in lxccontainer.c: When we clone a container
 * with overlay lxc.mount.entry entries we need to update absolute paths for
 * upper- and workdir. This update is done in two locations:
 * lxc_conf->unexpanded_config and lxc_conf->mount_list. Both updates are done
 * independent of each other since lxc_conf->mountlist may container more mount
 * entries (e.g. from other included files) than lxc_conf->unexpanded_config .
 */
int update_ovl_paths(struct lxc_conf *lxc_conf, const char *lxc_path,
		     const char *lxc_name, const char *newpath,
		     const char *newname)
{
	char new_upper[MAXPATHLEN];
	char new_work[MAXPATHLEN];
	char old_upper[MAXPATHLEN];
	char old_work[MAXPATHLEN];
	char *cleanpath = NULL;
	int i;
	int fret = -1;
	int ret = 0;
	struct lxc_list *iterator;
	const char *ovl_dirs[] = {"br", "upperdir", "workdir"};

	cleanpath = strdup(newpath);
	if (!cleanpath)
		goto err;

	remove_trailing_slashes(cleanpath);

	/* We have to update lxc_conf->unexpanded_config separately from
	*  lxc_conf->mount_list. */
	for (i = 0; i < sizeof(ovl_dirs) / sizeof(ovl_dirs[0]); i++) {
		if (!clone_update_unexp_ovl_paths(lxc_conf, lxc_path, newpath,
						  lxc_name, newname,
						  ovl_dirs[i]))
			goto err;
	}

	ret = snprintf(old_work, MAXPATHLEN, "workdir=%s/%s", lxc_path, lxc_name);
	if (ret < 0 || ret >= MAXPATHLEN)
		goto err;

	ret = snprintf(new_work, MAXPATHLEN, "workdir=%s/%s", cleanpath, newname);
	if (ret < 0 || ret >= MAXPATHLEN)
		goto err;

	lxc_list_for_each(iterator, &lxc_conf->mount_list) {
		char *mnt_entry = NULL;
		char *new_mnt_entry = NULL;
		char *tmp = NULL;
		char *tmp_mnt_entry = NULL;
		mnt_entry = iterator->elem;

		if (strstr(mnt_entry, "overlay"))
			tmp = "upperdir";
		else if (strstr(mnt_entry, "aufs"))
			tmp = "br";

		if (!tmp)
			continue;

		ret = snprintf(old_upper, MAXPATHLEN, "%s=%s/%s", tmp, lxc_path, lxc_name);
		if (ret < 0 || ret >= MAXPATHLEN)
			goto err;

		ret = snprintf(new_upper, MAXPATHLEN, "%s=%s/%s", tmp, cleanpath, newname);
		if (ret < 0 || ret >= MAXPATHLEN)
			goto err;

		if (strstr(mnt_entry, old_upper)) {
			tmp_mnt_entry = lxc_string_replace(old_upper, new_upper, mnt_entry);
		}

		if (strstr(mnt_entry, old_work)) {
			if (tmp_mnt_entry)
				new_mnt_entry = lxc_string_replace(old_work, new_work, tmp_mnt_entry);
			else
				new_mnt_entry = lxc_string_replace(old_work, new_work, mnt_entry);
		}

		if (new_mnt_entry) {
			free(iterator->elem);
			iterator->elem = strdup(new_mnt_entry);
		} else if (tmp_mnt_entry) {
			free(iterator->elem);
			iterator->elem = strdup(tmp_mnt_entry);
		}

		free(new_mnt_entry);
		free(tmp_mnt_entry);
	}

	fret = 0;
err:
	free(cleanpath);
	return fret;
}
Commit	Line	Data
38683db4 CB	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
	7	* Daniel Lezcano <daniel.lezcano at free.fr>
	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
	22	*/
	23
	24	#define _GNU_SOURCE
	25	#include <errno.h>
	26	#include <stdio.h>
	27	#include <stdlib.h>
	28	#include <string.h>
	29
	30	#include "bdev.h"
	31	#include "conf.h"
	32	#include "confile.h"
	33	#include "log.h"
	34	#include "lxccontainer.h"
	35	#include "overlay.h"
	36	#include "utils.h"
	37
	38	lxc_log_define(overlay, lxc);
	39
	40	struct ovl_rsync_data {
	41	struct bdev *orig;
	42	struct bdev *new;
	43	};
	44
	45	/* defined in lxccontainer.c: needs to become common helper */
	46	extern int do_rsync(const char src, const char dest);
	47
	48	/* defined in lxccontainer.c: needs to become common helper */
	49	extern char dir_new_path(char src, const char oldname, const char name,
	50	const char oldpath, const char lxcpath);
	51
	52	char overlay_getlower(char p)
	53	{
	54	char *p1 = strchr(p, ':');
	55	if (p1)
	56	*p1 = '\0';
	57	return p;
	58	}
	59
	60	int overlayfs_detect(const char *path)
	61	{
	62	if (strncmp(path, "overlayfs:", 10) == 0)
	63	return 1; // take their word for it
	64	return 0;
65	}
66
67	static char *overlayfs_name;
68	static char *detect_overlayfs_name(void)
69	{
70	char *v = "overlayfs";
71	char *line = NULL;
72	size_t len = 0;
73	FILE *f = fopen("/proc/filesystems", "r");
74	if (!f)
75	return v;
76
77	while (getline(&line, &len, f) != -1) {
78	if (strcmp(line, "nodev\toverlay\n") == 0) {
79	v = "overlay";
80	break;
81	}
82	}
83
84	fclose(f);
85	free(line);
86	return v;
87	}
88
89	/* XXXXXXX plain directory bind mount ops */
90	int overlayfs_mount(struct bdev *bdev)
91	{
92	char options, dup, lower, upper;
93	char options_work, work, *lastslash;
94	int lastslashidx;
95	int len, len2;
96	unsigned long mntflags;
97	char *mntdata;
98	int ret, ret2;
99
100	if (strcmp(bdev->type, "overlayfs"))
101	return -22;
102	if (!bdev->src \|\| !bdev->dest)
103	return -22;
104
105	// defined in bdev.c
106	if (!overlayfs_name)
107	overlayfs_name = detect_overlayfs_name();
108
109	// separately mount it first
110	// mount -t overlayfs -oupperdir=${upper},lowerdir=${lower} lower dest
111	dup = alloca(strlen(bdev->src)+1);
112	strcpy(dup, bdev->src);
113	if (!(lower = strchr(dup, ':')))
114	return -22;
115	if (!(upper = strchr(++lower, ':')))
116	return -22;
117	*upper = '\0';
118	upper++;
119
120	// if delta doesn't yet exist, create it
121	if (mkdir_p(upper, 0755) < 0 && errno != EEXIST)
122	return -22;
123
124	// overlayfs.v22 or higher needs workdir option
125	// if upper is /var/lib/lxc/c2/delta0,
126	// then workdir is /var/lib/lxc/c2/olwork
127	lastslash = strrchr(upper, '/');
128	if (!lastslash)
129	return -22;
130	lastslash++;
131	lastslashidx = lastslash - upper;
132
133	work = alloca(lastslashidx + 7);
134	strncpy(work, upper, lastslashidx+7);
135	strcpy(work+lastslashidx, "olwork");
136
137	if (parse_mntopts(bdev->mntopts, &mntflags, &mntdata) < 0) {
138	free(mntdata);
139	return -22;
140	}
141
142	if (mkdir_p(work, 0755) < 0 && errno != EEXIST) {
143	free(mntdata);
144	return -22;
145	}
146
147	// TODO We should check whether bdev->src is a blockdev, and if so
148	// but for now, only support overlays of a basic directory
149
150	if (mntdata) {
151	len = strlen(lower) + strlen(upper) + strlen("upperdir=,lowerdir=,") + strlen(mntdata) + 1;
152	options = alloca(len);
153	ret = snprintf(options, len, "upperdir=%s,lowerdir=%s,%s", upper, lower, mntdata);
154
155	len2 = strlen(lower) + strlen(upper) + strlen(work)
156	+ strlen("upperdir=,lowerdir=,workdir=") + strlen(mntdata) + 1;
157	options_work = alloca(len2);
158	ret2 = snprintf(options, len2, "upperdir=%s,lowerdir=%s,workdir=%s,%s",
159	upper, lower, work, mntdata);
160	}
161	else {
162	len = strlen(lower) + strlen(upper) + strlen("upperdir=,lowerdir=") + 1;
163	options = alloca(len);
164	ret = snprintf(options, len, "upperdir=%s,lowerdir=%s", upper, lower);
165
166	len2 = strlen(lower) + strlen(upper) + strlen(work)
167	+ strlen("upperdir=,lowerdir=,workdir=") + 1;
168	options_work = alloca(len2);
169	ret2 = snprintf(options_work, len2, "upperdir=%s,lowerdir=%s,workdir=%s",
170	upper, lower, work);
171	}
172	if (ret < 0 \|\| ret >= len \|\| ret2 < 0 \|\| ret2 >= len2) {
173	free(mntdata);
174	return -1;
175	}
176
177	// mount without workdir option for overlayfs before v21
178	ret = mount(lower, bdev->dest, overlayfs_name, MS_MGC_VAL \| mntflags, options);
179	if (ret < 0) {
180	INFO("overlayfs: error mounting %s onto %s options %s. retry with workdir",
181	lower, bdev->dest, options);
182
183	// retry with workdir option for overlayfs v22 and higher
184	ret = mount(lower, bdev->dest, overlayfs_name, MS_MGC_VAL \| mntflags, options_work);
185	if (ret < 0)
186	SYSERROR("overlayfs: error mounting %s onto %s options %s",
187	lower, bdev->dest, options_work);
188	else
189	INFO("overlayfs: mounted %s onto %s options %s",
190	lower, bdev->dest, options_work);
191	}
192	else
193	INFO("overlayfs: mounted %s onto %s options %s",
194	lower, bdev->dest, options);
195	return ret;
196	}
197
198	int overlayfs_umount(struct bdev *bdev)
199	{
200	if (strcmp(bdev->type, "overlayfs"))
201	return -22;
202	if (!bdev->src \|\| !bdev->dest)
203	return -22;
204	return umount(bdev->dest);
205	}
206
207	static int ovl_rsync(struct ovl_rsync_data *data)
208	{
209	int ret;
210
211	if (setgid(0) < 0) {
212	ERROR("Failed to setgid to 0");
213	return -1;
214	}
215	if (setgroups(0, NULL) < 0)
216	WARN("Failed to clear groups");
217	if (setuid(0) < 0) {
218	ERROR("Failed to setuid to 0");
219	return -1;
220	}
221
222	if (unshare(CLONE_NEWNS) < 0) {
223	SYSERROR("Unable to unshare mounts ns");
224	return -1;
225	}
226	if (detect_shared_rootfs()) {
227	if (mount(NULL, "/", NULL, MS_SLAVE\|MS_REC, NULL)) {
228	SYSERROR("Failed to make / rslave");
229	ERROR("Continuing...");
230	}
231	}
232	if (overlayfs_mount(data->orig) < 0) {
233	ERROR("Failed mounting original container fs");
234	return -1;
235	}
236	if (overlayfs_mount(data->new) < 0) {
237	ERROR("Failed mounting new container fs");
238	return -1;
239	}
240	ret = do_rsync(data->orig->dest, data->new->dest);
241
242	overlayfs_umount(data->new);
243	overlayfs_umount(data->orig);
244
245	if (ret < 0) {
246	ERROR("rsyncing %s to %s", data->orig->dest, data->new->dest);
247	return -1;
248	}
249
250	return 0;
251	}
252
253	static int ovl_rsync_wrapper(void *data)
254	{
255	struct ovl_rsync_data *arg = data;
256	return ovl_rsync(arg);
257	}
258
259	static int ovl_do_rsync(struct bdev orig, struct bdev new, struct lxc_conf *conf)
260	{
261	int ret = -1;
262	struct ovl_rsync_data rdata;
263
264	rdata.orig = orig;
265	rdata.new = new;
266	if (am_unpriv())
267	ret = userns_exec_1(conf, ovl_rsync_wrapper, &rdata);
268	else
269	ret = ovl_rsync(&rdata);
270	if (ret)
271	ERROR("copying overlayfs delta");
272
273	return ret;
274	}
275
276	int overlayfs_clonepaths(struct bdev orig, struct bdev new, const char *oldname,
277	const char cname, const char oldpath, const char *lxcpath, int snap,
278	uint64_t newsize, struct lxc_conf *conf)
279	{
280	if (!snap) {
281	ERROR("overlayfs is only for snapshot clones");
282	return -22;
283	}
284
285	if (!orig->src \|\| !orig->dest)
286	return -1;
287
288	new->dest = dir_new_path(orig->dest, oldname, cname, oldpath, lxcpath);
289	if (!new->dest)
290	return -1;
291	if (mkdir_p(new->dest, 0755) < 0)
292	return -1;
293
294	if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
295	WARN("Failed to update ownership of %s", new->dest);
296
297	if (strcmp(orig->type, "dir") == 0) {
298	char delta, lastslash;
299	char *work;
300	int ret, len, lastslashidx;
301
302	// if we have /var/lib/lxc/c2/rootfs, then delta will be
303	// /var/lib/lxc/c2/delta0
304	lastslash = strrchr(new->dest, '/');
305	if (!lastslash)
306	return -22;
307	if (strlen(lastslash) < 7)
308	return -22;
309	lastslash++;
310	lastslashidx = lastslash - new->dest;
311
312	delta = malloc(lastslashidx + 7);
313	if (!delta)
314	return -1;
315	strncpy(delta, new->dest, lastslashidx+1);
316	strcpy(delta+lastslashidx, "delta0");
317	if ((ret = mkdir(delta, 0755)) < 0) {
318	SYSERROR("error: mkdir %s", delta);
319	free(delta);
320	return -1;
321	}
322	if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
323	WARN("Failed to update ownership of %s", delta);
324
325	// make workdir for overlayfs.v22 or higher
326	// workdir is /var/lib/lxc/c2/olwork
327	// it is used to prepare files before atomically swithing with destination,
328	// and needs to be on the same filesystem as upperdir,
329	// so it's OK for it to be empty.
330	work = malloc(lastslashidx + 7);
331	if (!work) {
332	free(delta);
333	return -1;
334	}
335	strncpy(work, new->dest, lastslashidx+1);
336	strcpy(work+lastslashidx, "olwork");
337	if (mkdir(work, 0755) < 0) {
338	SYSERROR("error: mkdir %s", work);
339	free(delta);
340	free(work);
341	return -1;
342	}
343	if (am_unpriv() && chown_mapped_root(work, conf) < 0)
344	WARN("Failed to update ownership of %s", work);
345	free(work);
346
347	// the src will be 'overlayfs:lowerdir:upperdir'
348	len = strlen(delta) + strlen(orig->src) + 12;
349	new->src = malloc(len);
350	if (!new->src) {
351	free(delta);
352	return -ENOMEM;
353	}
354	ret = snprintf(new->src, len, "overlayfs:%s:%s", orig->src, delta);
355	free(delta);
356	if (ret < 0 \|\| ret >= len)
357	return -ENOMEM;
358	} else if (strcmp(orig->type, "overlayfs") == 0) {
359	// What exactly do we want to do here?
360	// I think we want to use the original lowerdir, with a
361	// private delta which is originally rsynced from the
362	// original delta
363	char osrc, odelta, nsrc, ndelta, *work;
364	char *lastslash;
365	int len, ret, lastslashidx;
366	if (!(osrc = strdup(orig->src)))
367	return -22;
368	nsrc = strchr(osrc, ':') + 1;
369	if (nsrc != osrc + 10 \|\| (odelta = strchr(nsrc, ':')) == NULL) {
370	free(osrc);
371	return -22;
372	}
373	*odelta = '\0';
374	odelta++;
375	ndelta = dir_new_path(odelta, oldname, cname, oldpath, lxcpath);
376	if (!ndelta) {
377	free(osrc);
378	return -ENOMEM;
379	}
380	if ((ret = mkdir(ndelta, 0755)) < 0 && errno != EEXIST) {
381	SYSERROR("error: mkdir %s", ndelta);
382	free(osrc);
383	free(ndelta);
384	return -1;
385	}
386	if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
387	WARN("Failed to update ownership of %s", ndelta);
388
389	// make workdir for overlayfs.v22 or higher
390	// for details, see above.
391	lastslash = strrchr(ndelta, '/');
392	if (!lastslash)
393	return -1;
394	lastslash++;
395	lastslashidx = lastslash - ndelta;
396
397	work = malloc(lastslashidx + 7);
398	if (!work)
399	return -1;
400	strncpy(work, ndelta, lastslashidx+1);
401	strcpy(work+lastslashidx, "olwork");
402	if ((mkdir(work, 0755) < 0) && errno != EEXIST) {
403	SYSERROR("error: mkdir %s", work);
404	free(work);
405	return -1;
406	}
407	if (am_unpriv() && chown_mapped_root(work, conf) < 0)
408	WARN("Failed to update ownership of %s", work);
409	free(work);
410
411	len = strlen(nsrc) + strlen(ndelta) + 12;
412	new->src = malloc(len);
413	if (!new->src) {
414	free(osrc);
415	free(ndelta);
416	return -ENOMEM;
417	}
418	ret = snprintf(new->src, len, "overlayfs:%s:%s", nsrc, ndelta);
419	free(osrc);
420	free(ndelta);
421	if (ret < 0 \|\| ret >= len)
422	return -ENOMEM;
423
424	return ovl_do_rsync(orig, new, conf);
425	} else {
426	ERROR("overlayfs clone of %s container is not yet supported",
427	orig->type);
428	// Note, supporting this will require overlayfs_mount supporting
429	// mounting of the underlay. No big deal, just needs to be done.
430	return -1;
431	}
432
433	return 0;
434	}
435
436	int overlayfs_destroy(struct bdev *orig)
437	{
438	char *upper;
439
440	if (strncmp(orig->src, "overlayfs:", 10) != 0)
441	return -22;
442	upper = strchr(orig->src + 10, ':');
443	if (!upper)
444	return -22;
445	upper++;
446	return lxc_rmdir_onedev(upper, NULL);
447	}
448
449	/*
450	* to say 'lxc-create -t ubuntu -n o1 -B overlayfs' means you want
451	* $lxcpath/$lxcname/rootfs to have the created container, while all
452	* changes after starting the container are written to
453	* $lxcpath/$lxcname/delta0
454	*/
455	int overlayfs_create(struct bdev bdev, const char dest, const char *n,
456	struct bdev_specs *specs)
457	{
458	char *delta;
459	int ret, len = strlen(dest), newlen;
460
461	if (len < 8 \|\| strcmp(dest+len-7, "/rootfs") != 0)
462	return -1;
463
464	if (!(bdev->dest = strdup(dest))) {
465	ERROR("Out of memory");
466	return -1;
467	}
468
469	delta = alloca(strlen(dest)+1);
470	strcpy(delta, dest);
471	strcpy(delta+len-6, "delta0");
472
473	if (mkdir_p(delta, 0755) < 0) {
474	ERROR("Error creating %s", delta);
475	return -1;
476	}
477
478	/* overlayfs:lower:upper */
479	newlen = (2 * len) + strlen("overlayfs:") + 2;
480	bdev->src = malloc(newlen);
481	if (!bdev->src) {
482	ERROR("Out of memory");
483	return -1;
484	}
485	ret = snprintf(bdev->src, newlen, "overlayfs:%s:%s", dest, delta);
486	if (ret < 0 \|\| ret >= newlen)
487	return -1;
488
489	if (mkdir_p(bdev->dest, 0755) < 0) {
490	ERROR("Error creating %s", bdev->dest);
491	return -1;
492	}
493
494	return 0;
495	}
496
497	/*
498	* To be called from lxcapi_clone() in lxccontainer.c: When we clone a container
499	* with overlay lxc.mount.entry entries we need to update absolute paths for
500	* upper- and workdir. This update is done in two locations:
501	* lxc_conf->unexpanded_config and lxc_conf->mount_list. Both updates are done
502	* independent of each other since lxc_conf->mountlist may container more mount
503	* entries (e.g. from other included files) than lxc_conf->unexpanded_config .
504	*/
505	int update_ovl_paths(struct lxc_conf lxc_conf, const char lxc_path,
506	const char lxc_name, const char newpath,
507	const char *newname)
508	{
509	char new_upper[MAXPATHLEN];
510	char new_work[MAXPATHLEN];
511	char old_upper[MAXPATHLEN];
512	char old_work[MAXPATHLEN];
513	char *cleanpath = NULL;
514	int i;
515	int fret = -1;
516	int ret = 0;
517	struct lxc_list *iterator;
518	const char *ovl_dirs[] = {"br", "upperdir", "workdir"};
519
520	cleanpath = strdup(newpath);
521	if (!cleanpath)
522	goto err;
523
524	remove_trailing_slashes(cleanpath);
525
526	/* We have to update lxc_conf->unexpanded_config separately from
527	* lxc_conf->mount_list. */
528	for (i = 0; i < sizeof(ovl_dirs) / sizeof(ovl_dirs[0]); i++) {
529	if (!clone_update_unexp_ovl_paths(lxc_conf, lxc_path, newpath,
530	lxc_name, newname,
531	ovl_dirs[i]))
532	goto err;
533	}
534
535	ret = snprintf(old_work, MAXPATHLEN, "workdir=%s/%s", lxc_path, lxc_name);
536	if (ret < 0 \|\| ret >= MAXPATHLEN)
537	goto err;
538
539	ret = snprintf(new_work, MAXPATHLEN, "workdir=%s/%s", cleanpath, newname);
540	if (ret < 0 \|\| ret >= MAXPATHLEN)
541	goto err;
542
543	lxc_list_for_each(iterator, &lxc_conf->mount_list) {
544	char *mnt_entry = NULL;
545	char *new_mnt_entry = NULL;
546	char *tmp = NULL;
547	char *tmp_mnt_entry = NULL;
548	mnt_entry = iterator->elem;
549
550	if (strstr(mnt_entry, "overlay"))
551	tmp = "upperdir";
552	else if (strstr(mnt_entry, "aufs"))
553	tmp = "br";
554
555	if (!tmp)
556	continue;
557
558	ret = snprintf(old_upper, MAXPATHLEN, "%s=%s/%s", tmp, lxc_path, lxc_name);
559	if (ret < 0 \|\| ret >= MAXPATHLEN)
560	goto err;
561
562	ret = snprintf(new_upper, MAXPATHLEN, "%s=%s/%s", tmp, cleanpath, newname);
563	if (ret < 0 \|\| ret >= MAXPATHLEN)
564	goto err;
565
566	if (strstr(mnt_entry, old_upper)) {
567	tmp_mnt_entry = lxc_string_replace(old_upper, new_upper, mnt_entry);
568	}
569
570	if (strstr(mnt_entry, old_work)) {
571	if (tmp_mnt_entry)
572	new_mnt_entry = lxc_string_replace(old_work, new_work, tmp_mnt_entry);
573	else
574	new_mnt_entry = lxc_string_replace(old_work, new_work, mnt_entry);
575	}
576
577	if (new_mnt_entry) {
578	free(iterator->elem);
579	iterator->elem = strdup(new_mnt_entry);
580	} else if (tmp_mnt_entry) {
581	free(iterator->elem);
582	iterator->elem = strdup(tmp_mnt_entry);
583	}
584
585	free(new_mnt_entry);
586	free(tmp_mnt_entry);
587	}
588
589	fret = 0;
590	err:
591	free(cleanpath);
592	return fret;
593	}
594