Re: [PATCH 0/2] overlayfs: C/R enhancements
From: Pavel Tikhomirov
Date: Fri Jun 05 2020 - 04:41:39 EST
On 6/5/20 5:35 AM, Amir Goldstein wrote:
On Fri, Jun 5, 2020 at 12:34 AM Alexander Mikhalitsyn
<alexander.mikhalitsyn@xxxxxxxxxxxxx> wrote:
Hello,
But overlayfs won't accept these "output only" options as input args,
which is a problem.
Will it be problematic if we simply ignore "lowerdir_mnt_id" and "upperdir_mnt_id" options in ovl_parse_opt()?
That would solve this small problem.
This is not a big problem actually as these options shown in mountinfo
for overlay had been "output only" forever, please see these two
examples below:
a) Imagine you've mounted overlay with relative paths and forgot (or you
never known as you are another user) where your cwd was at the moment of
mount syscall. - How would you use those options as "input" to create
the same overlay mount somethere else (bind-mounting not involved)?
b) Imagine you've mounted overlay with absolute paths and someone (other
user) overmounted lower (upper/workdir) paths for you, all directory
structure would be the same on overmount but yet files are different. -
How would you use those options from mountinfo as "input" ones?
We try to make them much closer to "input" ones.
Agreed, we should ignore *_mnt_id on mount because paths identify mounts
at the time of mount call.
Wouldn't it be better for C/R to implement mount options
that overlayfs can parse and pass it mntid and fhandle instead
of paths? >>
Problem is that we need to know on C/R "dump stage" which mounts are used on lower layers and upper layer. Most likely I don't understand something but I can't catch how "mount-time" options will help us.
As you already know from inotify/fanotify C/R fhandle is timeless, so
there would be no distinction between mount time and dump time.
Pair of fhandle+mnt_id looks an equivalent to path+mnt_id pair, CRIU
will just need to open fhandle+mnt_id with open_by_handle_at and
readlink to get path on dump and continue to use path+mnt_id as before.
(not too common with fhandles but it's my current understanding)
But if you take a look on (a) and (b) again, the regular user does not
see full information about overlay mount in /proc/pid/mountinfo, they
can't just take a look on it and understand from there it comes from.
Resolving fhandle looks like a too hard task for a user.
About mnt_id, your patches will cause the original mount-time mounts to be busy.
That is a problem as well.
Children mounts lock parent, open files lock parent. Another analogy is
a loop device which locks the backing file mount (AFAICS). Anyway one
can lazy umount, can't they? But I'm not too sure for this one, maybe
you can share more implications of this problem?
I think you should describe the use case is more details.
Is your goal to C/R any overlayfs mount that the process has open
files on? visible to process
We wan't to dump a container, not a simple process, if the container
process has access to some resource CRIU needs to restore this resource.
Imagine the process in container mounts it's own overlay inside
container, for instance to imulate write access to readonly mount or
just to implement some snapshots, don't know exact use case. And we want
to checkpoint/restore this container. (Currently CRIU only supports
overlay as external mount, e.g. for docker continers docker engine
pre-creates overlay for us and we just bind from it - it's a different
case.) If the in-container process creates the in-container mount we
need to recreate it on restore so that the in-container view of the
filesystem persists.
For NFS export, we use the persistent descriptor {uuid;fhandle}
(a.k.a. struct ovl_fh) to encode
an underlying layer object.
CRIU can look for an existing mount to a filesystem with uuid as restore stage
(or even mount this filesystem) and use open_by_handle_at() to open a
path to layer.
On restore we can be on another physical node, so I doubt we have same
uuid's, sorry I don't fully understand here already.
After mounting overlay, that mount to underlying fs can even be discarded.
And if this works for you, you don't have to export the layers ovl_fh in
/proc/mounts, you can export them in numerous other ways.
One way from the top of my head, getxattr on overlay root dir.
"trusted.overlay" xattr is anyway a reserved prefix, so "trusted.overlay.layers"
for example could work.
Thanks xattr might be a good option, but still don't forget about (a)
and (b), users like to know all information about mount from
/proc/pid/mountinfo.
Thanks,
Amir.
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.