lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jun 2020 21:34:07 +0000 From: Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com> To: Amir Goldstein <amir73il@...il.com> CC: Miklos Szeredi <miklos@...redi.hu>, Andrey Vagin <avagin@...tuozzo.com>, Pavel Tikhomirov <ptikhomirov@...tuozzo.com>, Konstantin Khorenko <khorenko@...tuozzo.com>, Vasiliy Averin <vvs@...tuozzo.com>, Kirill Tkhai <ktkhai@...tuozzo.com>, overlayfs <linux-unionfs@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 0/2] overlayfs: C/R enhancements Hello, >But overlayfs won't accept these "output only" options as input args, which is a problem. Will it be problematic if we simply ignore "lowerdir_mnt_id" and "upperdir_mnt_id" options in ovl_parse_opt()? >Wouldn't it be better for C/R to implement mount options that overlayfs can parse and pass it mntid and fhandle instead of paths? Problem is that we need to know on C/R "dump stage" which mounts are used on lower layers and upper layer. Most likely I don't understand something but I can't catch how "mount-time" options will help us. >I believe C/R is using a similar method to export inotify/fanotify marks. Yes, we are using fhandles to C/R inotify/fanotify. On "dump" we get fhandle from /proc/<pid>/fdinfo and on "restore" we open fhandle through open_by_handle_at() syscall. Regards, Alex ________________________________________ From: Amir Goldstein <amir73il@...il.com> Sent: Thursday, June 4, 2020 21:04 To: Alexander Mikhalitsyn Cc: Miklos Szeredi; Andrey Vagin; Pavel Tikhomirov; Konstantin Khorenko; Vasiliy Averin; Kirill Tkhai; overlayfs; linux-kernel Subject: Re: [PATCH 0/2] overlayfs: C/R enhancements On Thu, Jun 4, 2020 at 7:13 PM Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com> wrote: > > This patchset aimed to make C/R of overlayfs mounts with CRIU possible. > We introduce two new overlayfs module options -- dyn_path_opts and > mnt_id_path_opts. If enabled this options allows to see real *full* paths > in lowerdir, workdir, upperdir options, and also mnt_ids for corresponding > paths. > > This changes should not break anything because for showing mnt_ids we simply > introduce new show-time mount options. And for paths we simply *always* > provide *full paths* instead of relative path on mountinfo. > > BEFORE > > overlay on /var/lib/docker/overlay2/XYZ/merged type overlay (rw,relatime, > lowerdir=/var/lib/docker/overlay2/XYZ-init/diff:/var/lib/docker/overlay2/ > ABC/diff,upperdir=/var/lib/docker/overlay2/XYZ/diff,workdir=/var/lib/docker > /overlay2/XYZ/work) > none on /sys type sysfs (rw,relatime) > > AFTER > > overlay on /var/lib/docker/overlay2/XYZ/merged type overlay (rw,relatime, > lowerdir=/var/lib/docker/overlay2/XYZ-init/diff:/var/lib/docker/overlay2/ > ABC/diff,upperdir=/var/lib/docker/overlay2/XYZ/diff,workdir=/var/lib/docker > /overlay2/XYZ/work,lowerdir_mnt_id=175:175,upperdir_mnt_id=175) > none on /sys type sysfs (rw,relatime) > But overlayfs won't accept these "output only" options as input args, which is a problem. Wouldn't it be better for C/R to implement mount options that overlayfs can parse and pass it mntid and fhandle instead of paths? I believe C/R is using a similar method to export inotify/fanotify marks. FWIW overlayfs already has utilities that encode filehandle to text and back, see ovl_get_index_name(). Thanks, Amir.
Powered by blists - more mailing lists