The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6395
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
From 0246c7602974b73e823808b32e136305b8262bd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Mon, 4 Nov 2019 11:01:39 -0500
Subject: [PATCH 1/2] lxd/storage/drivers: Add mountReadOnly helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
lxd/storage/drivers/utils.go | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/lxd/storage/drivers/utils.go b/lxd/storage/drivers/utils.go
index c0bbdafe82..2bd353691a 100644
--- a/lxd/storage/drivers/utils.go
+++ b/lxd/storage/drivers/utils.go
@@ -59,6 +59,28 @@ func forceUnmount(path string) (bool, error) {
}
}
+func mountReadOnly(srcPath string, dstPath string) (bool, error) {
+ // Check if already mounted.
+ if shared.IsMountPoint(dstPath) {
+ return false, nil
+ }
+
+ // Create a mount entry.
+ err := tryMount(srcPath, dstPath, "none", unix.MS_BIND, "")
+ if err != nil {
+ return false, err
+ }
+
+ // Make it read-only.
+ err = tryMount("", dstPath, "none",
unix.MS_BIND|unix.MS_RDONLY|unix.MS_REMOUNT, "")
+ if err != nil {
+ forceUnmount(dstPath)
+ return false, err
+ }
+
+ return true, nil
+}
+
func sameMount(srcPath string, dstPath string) bool {
// Get the source vfs path information
var srcFsStat unix.Statfs_t
From 23736eb7100493c3e27360ed2b9256e2d8242a26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Mon, 4 Nov 2019 11:01:56 -0500
Subject: [PATCH 2/2] lxd/storage/dir: Make snapshot mounts read-only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
lxd/storage/drivers/driver_dir.go | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lxd/storage/drivers/driver_dir.go
b/lxd/storage/drivers/driver_dir.go
index 61ed55a992..09f317a765 100644
--- a/lxd/storage/drivers/driver_dir.go
+++ b/lxd/storage/drivers/driver_dir.go
@@ -663,10 +663,10 @@ func (d *dir) MountVolume(volType VolumeType, volName
string, op *operations.Ope
return false, nil
}
-// MountVolumeSnapshot simulates mounting a volume snapshot. As dir driver
doesn't have volumes to
-// mount it returns false indicating that there is no need to issue an unmount.
+// MountVolumeSnapshot sets up a read-only mount on top of the snapshot to
avoid accidental modifications.
func (d *dir) MountVolumeSnapshot(volType VolumeType, volName, snapshotName
string, op *operations.Operation) (bool, error) {
- return false, nil
+ snapPath := GetVolumeMountPath(d.name, volType,
GetSnapshotVolumeName(volName, snapshotName))
+ return mountReadOnly(snapPath, snapPath)
}
// UnmountVolume simulates unmounting a volume. As dir driver doesn't have
volumes to unmount it
@@ -675,10 +675,10 @@ func (d *dir) UnmountVolume(volType VolumeType, volName
string, op *operations.O
return false, nil
}
-// UnmountVolume simulates unmounting a volume snapshot. As dir driver doesn't
have volumes to
-// unmount it returns false indicating the volume was already unmounted.
+// UnmountVolumeSnapshot removes the read-only mount placed on top of a
snapshot.
func (d *dir) UnmountVolumeSnapshot(volType VolumeType, volName, snapshotName
string, op *operations.Operation) (bool, error) {
- return false, nil
+ snapPath := GetVolumeMountPath(d.name, volType,
GetSnapshotVolumeName(volName, snapshotName))
+ return forceUnmount(snapPath)
}
// quotaProjectID generates a project quota ID from a volume ID.
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
