From 7fadf7dfa3c5b753419d99fd670e6bf943868530 Mon Sep 17 00:00:00 2001 From: Michael McCracken Date: Mon, 30 Sep 2024 17:05:42 -0700 Subject: [PATCH 1/2] write molecule config to metadata path The molecule config contains the OCI path and tag, which is important if we want to track what container image is mounted at a particular path, and thus what container might need to stop if a verity error is detected in one of the atoms in the molecule it's using. This commit writes that config to a JSON file in the metadata path. Signed-off-by: Michael McCracken --- molecule.go | 5 +++++ oci.go | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/molecule.go b/molecule.go index 619bec5..0b10c00 100644 --- a/molecule.go +++ b/molecule.go @@ -165,6 +165,11 @@ func (m Molecule) Mount(dest string) error { return err } + err = m.config.WriteToFile(filepath.Join(m.config.MetadataPath, "config.json")) + if err != nil { + return err + } + // now, do the actual overlay mount err = unix.Mount("overlay", dest, "overlay", 0, mntOpts) return errors.Wrapf(err, "couldn't do overlay mount to %s, opts: %s", dest, mntOpts) diff --git a/oci.go b/oci.go index 2e9fc15..6668e78 100644 --- a/oci.go +++ b/oci.go @@ -1,6 +1,8 @@ package atomfs import ( + "encoding/json" + "io/ioutil" "path" ispec "github.com/opencontainers/image-spec/specs-go/v1" @@ -26,6 +28,18 @@ func (c MountOCIOpts) MountedAtomsPath(parts ...string) string { return path.Join(append([]string{mounts}, parts...)...) } +func (c MountOCIOpts) WriteToFile(filename string) error { + b, err := json.Marshal(c) + if err != nil { + return err + } + err = ioutil.WriteFile(filename, b, 0644) + if err != nil { + return err + } + return nil +} + func BuildMoleculeFromOCI(opts MountOCIOpts) (Molecule, error) { oci, err := umoci.OpenLayout(opts.OCIDir) if err != nil { From 98626babe05600596385afd72bb910682e3118f4 Mon Sep 17 00:00:00 2001 From: Michael McCracken Date: Mon, 30 Sep 2024 17:08:03 -0700 Subject: [PATCH 2/2] Move metadata path to /run In order to make it trivial to read the config.json for a given mount, move the metadata path to /run/atomfs/meta/$munged-mountpt-name/ Signed-off-by: Michael McCracken --- cmd/atomfs/mount.go | 25 +++++++++++++++++++++---- cmd/atomfs/umount.go | 13 +++++++------ cmd/atomfs/utils.go | 10 ++++++++++ 3 files changed, 38 insertions(+), 10 deletions(-) diff --git a/cmd/atomfs/mount.go b/cmd/atomfs/mount.go index 22df8c2..a0bbb93 100644 --- a/cmd/atomfs/mount.go +++ b/cmd/atomfs/mount.go @@ -70,7 +70,12 @@ func doMount(ctx *cli.Context) error { os.Exit(1) } target := ctx.Args()[1] - metadir := filepath.Join(target, "meta") + absTarget, err := filepath.Abs(target) + if err != nil { + return err + } + + metadir := filepath.Join("/run", "atomfs", "meta", ReplacePathSeparators(absTarget)) complete := false @@ -92,12 +97,24 @@ func doMount(ctx *cli.Context) error { if err = EnsureDir(rodest); err != nil { return err } + absOCIDir, err := filepath.Abs(ocidir) + if err != nil { + return err + } + absMetadir, err := filepath.Abs(metadir) + if err != nil { + return err + } + absRODest, err := filepath.Abs(rodest) + if err != nil { + return err + } opts := atomfs.MountOCIOpts{ - OCIDir: ocidir, - MetadataPath: metadir, + OCIDir: absOCIDir, + MetadataPath: absMetadir, Tag: tag, - Target: rodest, + Target: absRODest, } mol, err := atomfs.BuildMoleculeFromOCI(opts) diff --git a/cmd/atomfs/umount.go b/cmd/atomfs/umount.go index a889f09..fbe86de 100644 --- a/cmd/atomfs/umount.go +++ b/cmd/atomfs/umount.go @@ -50,11 +50,12 @@ func doUmount(ctx *cli.Context) error { errs = append(errs, fmt.Errorf("Failed unmounting %s: %v", mountpoint, err)) } - // Now that we've unmounted the mountpoint, we expect the following - // under there: - // $mountpoint/meta/ro - the original readonly overlay mountpoint - // $mountpoint/meta/mounts/* - the original squashfs mounts - metadir := filepath.Join(mountpoint, "meta") + // We expect the following in the metadir + // + // $metadir/ro - the original readonly overlay mountpoint + // $metadir/meta/mounts/* - the original squashfs mounts + // $metadir/meta/config.json + metadir := filepath.Join("/run/atomfs/meta", ReplacePathSeparators(mountpoint)) p := filepath.Join(metadir, "ro") err = syscall.Unmount(p, 0) if err != nil { @@ -65,7 +66,7 @@ func doUmount(ctx *cli.Context) error { mounts, err := os.ReadDir(mountsdir) if err != nil { errs = append(errs, fmt.Errorf("Failed reading list of mounts: %v", err)) - return fmt.Errorf("Encountered errors: %#v", errs) + return fmt.Errorf("Encountered errors: %v", errs) } for _, m := range mounts { diff --git a/cmd/atomfs/utils.go b/cmd/atomfs/utils.go index dc811fb..0c0fa5f 100644 --- a/cmd/atomfs/utils.go +++ b/cmd/atomfs/utils.go @@ -3,6 +3,7 @@ package main import ( "fmt" "os" + "strings" ) func EnsureDir(dir string) error { @@ -20,3 +21,12 @@ func PathExists(d string) bool { } return true } + +// remove dir separators to make one dir name. It is OK that this can't be +// cleanly backed out, we don't need it to +func ReplacePathSeparators(p string) string { + if p[0] == '/' { + p = p[1:] + } + return strings.ReplaceAll(p, "/", "-") +}