mirror of
https://github.com/containers/podman
synced 2024-10-21 17:53:44 +00:00
a090301bbb
Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
105 lines
2.9 KiB
Go
105 lines
2.9 KiB
Go
package copy
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/containers/podman/v3/libpod/define"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// XDockerContainerPathStatHeader is the *key* in http headers pointing to the
|
|
// base64 encoded JSON payload of stating a path in a container.
|
|
const XDockerContainerPathStatHeader = "X-Docker-Container-Path-Stat"
|
|
|
|
// ErrENOENT mimics the stdlib's ErrENOENT and can be used to implement custom logic
|
|
// while preserving the user-visible error message.
|
|
var ErrENOENT = errors.New("No such file or directory")
|
|
|
|
// FileInfo describes a file or directory and is returned by
|
|
// (*CopyItem).Stat().
|
|
type FileInfo = define.FileInfo
|
|
|
|
// EncodeFileInfo serializes the specified FileInfo as a base64 encoded JSON
|
|
// payload. Intended for Docker compat.
|
|
func EncodeFileInfo(info *FileInfo) (string, error) {
|
|
buf, err := json.Marshal(&info)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "failed to serialize file stats")
|
|
}
|
|
return base64.URLEncoding.EncodeToString(buf), nil
|
|
}
|
|
|
|
// ExtractFileInfoFromHeader extracts a base64 encoded JSON payload of a
|
|
// FileInfo in the http header. If no such header entry is found, nil is
|
|
// returned. Intended for Docker compat.
|
|
func ExtractFileInfoFromHeader(header *http.Header) (*FileInfo, error) {
|
|
rawData := header.Get(XDockerContainerPathStatHeader)
|
|
if len(rawData) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
info := FileInfo{}
|
|
base64Decoder := base64.NewDecoder(base64.URLEncoding, strings.NewReader(rawData))
|
|
if err := json.NewDecoder(base64Decoder).Decode(&info); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &info, nil
|
|
}
|
|
|
|
// ResolveHostPath resolves the specified, possibly relative, path on the host.
|
|
func ResolveHostPath(path string) (*FileInfo, error) {
|
|
resolvedHostPath, err := filepath.Abs(path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
resolvedHostPath = PreserveBasePath(path, resolvedHostPath)
|
|
|
|
statInfo, err := os.Stat(resolvedHostPath)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return nil, ErrENOENT
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
return &FileInfo{
|
|
Name: statInfo.Name(),
|
|
Size: statInfo.Size(),
|
|
Mode: statInfo.Mode(),
|
|
ModTime: statInfo.ModTime(),
|
|
IsDir: statInfo.IsDir(),
|
|
LinkTarget: resolvedHostPath,
|
|
}, nil
|
|
}
|
|
|
|
// PreserveBasePath makes sure that the original base path (e.g., "/" or "./")
|
|
// is preserved. The filepath API among tends to clean up a bit too much but
|
|
// we *must* preserve this data by all means.
|
|
func PreserveBasePath(original, resolved string) string {
|
|
// Handle "/"
|
|
if strings.HasSuffix(original, "/") {
|
|
if !strings.HasSuffix(resolved, "/") {
|
|
resolved += "/"
|
|
}
|
|
return resolved
|
|
}
|
|
|
|
// Handle "/."
|
|
if strings.HasSuffix(original, "/.") {
|
|
if strings.HasSuffix(resolved, "/") { // could be root!
|
|
resolved += "."
|
|
} else if !strings.HasSuffix(resolved, "/.") {
|
|
resolved += "/."
|
|
}
|
|
return resolved
|
|
}
|
|
|
|
return resolved
|
|
}
|