Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

content-service: ignore the error of user.overlay.(impure|origin) attributes #10372

Merged
merged 2 commits into from
Jun 1, 2022
Merged

content-service: ignore the error of user.overlay.(impure|origin) attributes #10372

merged 2 commits into from
Jun 1, 2022

Conversation

utam0k
Copy link
Contributor

@utam0k utam0k commented May 31, 2022

Description

user.overlay.(impure|origin) attributes is a marker to match inodes for overlayfs, such as when an upper layer copies a lower layer file in overlayfs.
However, when restoring content, the container in the workspace is not always running, so there is no problem ignoring the failure.
https://github.com/hisilicon/overlayfs-progs/blob/e10ef686570d9c7eff42f52461593a5c15da56bd/README#L62

Related Issue(s)

Fixes #10108

How to test

No errors including logs with the following steps

  1. Open https://to-impure-dir.preview.gitpod-dev.com/#https://github.com/utam0k/gitpod-playground/tree/prebuild-docker
  2. Stop the workspace when opening the workspace is completely
  3. Reopen the workspace

Release Notes

content-service: Ignore errors in attributes settings

Documentation

No

@utam0k utam0k requested a review from a team May 31, 2022 08:21
@github-actions github-actions bot added the team: workspace Issue belongs to the Workspace team label May 31, 2022
@aledbf
Copy link
Member

aledbf commented May 31, 2022
edited
Loading

@utam0k can we confirm dockerd/containerd is not running when we create the backup?

@utam0k
Copy link
Contributor Author

utam0k commented May 31, 2022

@utam0k can we confirm dockerd/containerd is not running when we create the backup?

This issue was also reproduced by simply pulling the image.

@utam0k
Copy link
Contributor Author

utam0k commented May 31, 2022

@aledbf I had a suspicion that the container process was running, but is there a problem with the daemon itself?

@aledbf
Copy link
Member

aledbf commented May 31, 2022

@aledbf I had a suspicion that the container process was running, but is there a problem with the daemon itself?

The daemon should not be running when we create the tar file. Maybe we are including temporal files if that's the case?

@utam0k
Copy link
Contributor Author

utam0k commented May 31, 2022

@aledbf Sorry, but what did temporal files point out?
This is the error when I pull with docker and docker-compose with this repository and restart
https://github.com/utam0k/gitpod-playground/tree/prebuild-docker-compose
https://cloudlogging.app.goo.gl/3HRd2Pi9PEtTfW6d8

@aledbf
Copy link
Member

aledbf commented May 31, 2022

@utam0k what about

for key, value := range xattrs {
	// do not set trusted attributes
	if strings.HasPrefix(key, "trusted.") {
		continue
	}

	// This is a marker to match inodes, such as when an upper layer copies a lower layer file in overlayfs.
	// However, when restoring a content, the container in the workspace is not always running, so there is no problem ignoring the failure.
	if strings.HasSuffix(key, ".overlay.impure") || strings.HasSuffix(key, ".overlay.origin") {
		continue
	}

	if err := unix.Lsetxattr(name, key, []byte(value), 0); err != nil {
		if err == syscall.ENOTSUP || err == syscall.EPERM {
			continue
		}

		log.WithField("name", key).WithField("value", value).WithField("file", name).WithError(err).Warn("restoring extended attributes")
		return err
	}
}

@utam0k
Copy link
Contributor Author

utam0k commented May 31, 2022

@aledbf Thanks for your good review! PTAL

@roboquat roboquat merged commit bfcb0a9 into main Jun 1, 2022
@roboquat roboquat deleted the to/impure-dir branch June 1, 2022 08:44
@roboquat roboquat added deployed: workspace Workspace team change is running in production deployed Change is completely running in production labels Jun 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Furisto Furisto Furisto approved these changes

Assignees
No one assigned
Labels
deployed: workspace Workspace team change is running in production deployed Change is completely running in production release-note size/S team: workspace Issue belongs to the Workspace team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Permission denied when accessing .docker-root/overlay2
4 participants
@utam0k @aledbf @Furisto @roboquat