common/overlay: allow data directory name with colon character #3505
Conversation
|
Can one of the admins verify this patch? |
|
@rktbot ok to test |
| } | ||
|
|
||
| func TestMount(t *testing.T) { | ||
| if os.Geteuid() != 0 { |
There was a problem hiding this comment.
Unfortunately, Go syscall wrapper does not allow (due to mentioned in the comments reason) to gain root privileges: syscall/syscall_linux.go#L861. Link to the original issue: golang/go#1435.
Therefore I didn't find anything smarter than run these tests only when they've been launched with superuser privileges.
|
I'm pretty leery of testing actual mounting/overlay behaviour here. What about just splitting out the construction of the mount incantation into a function and testing that instead? |
When you say leery, you want me to remove the introduced tests?
Sure, I will do it. |
Sorry, that was a bit vague - I mean I'm not sure it's a good idea for a unit test since it has particular requirements (an overlay-supporting kernel, root permissions) and can be invasive to the host OS (messing with mounts). But come to think of it, maybe it's something we could add to the functional tests? It is nice to have such comprehensive behaviour testing, and the functional tests already have such demands - https://github.com/coreos/rkt/tree/master/tests |
|
Oh I see, thank you. This sounds reasonable to me, I will move that tests into the |
|
That is strange, I will resubmit the latest changes to trigger the build again. |
|
That looks like a Semaphore flake, probably they're upgrading their OS or
something
…On 3 January 2017 at 16:37, Yasha Bubnov ***@***.***> wrote:
That is strange, semaphoreci failed on ./tests/install-deps.sh # Setup
step: https://semaphoreci.com/coreos/rkt/branches/pull-
request-3505/builds/2
I will resubmit the latest changes to trigger the build again.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#3505 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACewNwTMfQSuijb9jujvlwZcTRlX6dnuks5rOms1gaJpZM4LZnPL>
.
|
|
Looks the kernel of machines provided by I added the same check to |
| // The opts returns options for mount system call. | ||
| func (cfg *MountCfg) opts() string { | ||
| opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", | ||
| sanitize(cfg.Lower), sanitize(cfg.Upper), sanitize(cfg.Work)) |
There was a problem hiding this comment.
Just a nit to be consistent:
fmt.Sprintf(
"lowerdir=%s,upperdir=%s,workdir=%s",
sanitize(cfg.Lower), sanitize(cfg.Upper), sanitize(cfg.Work),
),
| return strings.Replace(dir, ":", "\\:", -1) | ||
| } | ||
|
|
||
| // The opts returns options for mount system call. |
There was a problem hiding this comment.
// opts returns options for mount system call.
| @@ -219,6 +219,19 @@ func createTempDirOrPanic(dirName string) string { | |||
| return tmpDir | |||
| } | |||
|
|
|||
| // The createFileOrPanic creates an empty file within the given directory | |||
| // with a specified name. Panics if file creation fails for any reason. | |||
| func createFileOrPanic(dirName, fileName string) string { | |||
There was a problem hiding this comment.
// createFileOrPanic ...
| // The sanitize escapes the colon symbol in order to support the dir names | ||
| // with this character, otherwise it will be treated as a separator between | ||
| // the directory names. | ||
| func sanitize(dir string) string { |
There was a problem hiding this comment.
// sanitize escapes the ...
| } | ||
|
|
||
| // The opts returns options for mount system call. | ||
| func (cfg *MountCfg) opts() string { |
There was a problem hiding this comment.
This could be public, i.e. Opts(), since it has no side-effects.
| ) | ||
|
|
||
| func overlayMount(cfg overlay.MountCfg) error { | ||
| // Create a temporary directories with a configured prefix. |
There was a problem hiding this comment.
// Create temporary directories...
| // with a specified name. Panics if file creation fails for any reason. | ||
| func createFileOrPanic(dirName, fileName string) string { | ||
| name := filepath.Join(dirName, fileName) | ||
| file, err := os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600) |
There was a problem hiding this comment.
why not simply os.Create(...)? The only difference would be that it is created using 0666 mode vs 0600, but I don't think that matters here.
There was a problem hiding this comment.
Right, it does not matter in this situation, I initially thought about close-exec flag, but as this function used only in tests this is, probably, not that important as well. So as you proposed, I changed to os.Create function.
|
Squashed the changes into the single commit. |
|
Thanks for the patch @ybubnov! I may be wrong, but I think |
|
@lucab, I tested the |
| @@ -23,6 +23,10 @@ import ( | |||
| "github.com/hashicorp/errwrap" | |||
| ) | |||
|
|
|||
| // sanitizer defines a string translator used to escape colon and coma | |||
There was a problem hiding this comment.
Minor grammar issue here and in other place in this commit: "comma" (with double m).
| "syscall" | ||
|
|
||
| "github.com/coreos/rkt/pkg/label" | ||
| "github.com/hashicorp/errwrap" | ||
| ) | ||
|
|
||
| // sanitizer defines a string translator used to escape colon and coma | ||
| // characters in the directories names. | ||
| var sanitizer = strings.NewReplacer(":", "\\:", ",", "\\,") |
There was a problem hiding this comment.
Sorry for not spotting this earlier, but if I understand correctly the \\ (double-slash) in here is just for golang string escaping, right? To make a bit clearer that we are doing the escaping for overlayfs here, would you mind changing this into raw strings with a single slash?
| {MountCfg{"/tmp/test,1", "/tmp/test,2", "/tmp/test,3", "", ""}, | ||
| "lowerdir=/tmp/test\\,1,upperdir=/tmp/test\\,2,workdir=/tmp/test\\,3"}, | ||
| {MountCfg{"/tmp/,1,1", "/tmp/,,2", "/tmp/,3,", "", ""}, | ||
| "lowerdir=/tmp/\\,1\\,1,upperdir=/tmp/\\,\\,2,workdir=/tmp/\\,3\\,"}, |
There was a problem hiding this comment.
Same for the double-slash, escaping and raw strings here.
| // characters in the directories names. | ||
| var sanitizer = strings.NewReplacer(":", "\\:", ",", "\\,") | ||
| var sanitizer = strings.NewReplacer(`:`, `\:`, `,`, `\,`) |
There was a problem hiding this comment.
I redefined all characters as raw strings for the sake of consistency.
|
I'm fine with this now, thanks. Just squash the changes together in the first single commit and we should be ready to go! |
|
Thanks, squashed the changes into the single commit. |
This patch provides an sanitizing function used to escape the colon characters in the directory names of the mount command. According to the Linux documentation https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt it is used as a separator symbol in case of multi lower-layer mount. Separates the mount options rendering, thus make it possible to write pure unit tests for common/overlay package. Functional tests, that validates common/overlay.Mount function moved to the "tests" sub-directory.
|
It seems, introduced changes are constantly causing the failure of the I don't know if it is a known issue: #3477, or caused by new code. |
|
No worry, that is a known ephemeral test failure we are currently chasing, unrelated to your PR. |
lucab
added
reviewed/lgtm
reviewed/merge-on-green
and removed
needs/more-information
labels
|
@ybubnov thanks so much for your work here! |
This patch provides an sanitizing function used to escape the colon characters in the directory names of the
mountcommand.According to the Linux documentation https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt it
is used as a separator symbol in case of multi lower-layer mount.
It also provides the unit tests for common/overlay package, that is possible to execute only with superuser privileges.
Fixes #3448