-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: atomfs mount: use squashfuse for non-root users
While stacker knows how to use squashfuse for 'stacker grab', that function simply keeps the squashfuse process running for the duration of the grab, then lets it close. For atomfs molecule.Mount, we must release that process. So when doing atomfs.Mount(), first check whether we are definitely NOT root using amHostRoot(). There is a corner case which can slip past this - namely if you, as root, create a userns wherein you map the full host uid range. However, you'll never have real root being told it wasn't real root. Second check whether we were requested not to try as real root. Third, if neither of those are the case, then try the regular mount syscall, requiring root. If that succeeds, or fails with a non-permission error, then return. If we are detected as not-real-root, or were requested to not try as real root, or if mount failed as real root with a permission error, then use squashfuse, and release the exec'd process so that it can outlive us. The actual squashfuse mount function is shared with the extract path. Signed-off-by: Serge Hallyn <serge@hallyn.com>
- Loading branch information
Showing
2 changed files
with
145 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters