Use storage that better supports rootless overlayfs

overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned
(as of linux 5.16.0, I believe) how to support rootless users. Previously,
rootless users had to use these storage.conf(5) settings:

* storage.driver=vfs          (aka STORAGE_DRIVER=vfs), or
* storage.driver=overlay      (aka STORAGE_DRIVER=overlay),
  storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs
                              (aka STORAGE_OPTS=/usr/bin/fuse-overlayfs)

Now that a third backend is available, setting only:

* storage.driver=overlay      (aka STORAGE_DRIVER=overlay)

https://github.com/containers/podman/issues/13123 reported EXDEV errors
during the normal operation of their container. Tracing it out, the
problem turned out to be that their container was being mounted without
'userxattr'; I don't fully understand why, but mount(8) mentions this is
needed for rootless users:

> userxattr
>
>   Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
>   This is useful for unprivileged mounting of overlayfs.

https://github.com/containers/storage/pull/1156 found and fixed the issue
in podman, and this just pulls in that via

    go get github.com/containers/storage@ebc90ab
    go mod vendor
    make vendor

Closes https://github.com/containers/podman/issues/13123

Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>

vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go

@@ -14,8 +14,6 @@ import (
 	"encoding/binary"
 	"fmt"
 	"strconv"
-
-	"golang.org/x/sys/windows"
 )
 
 // Variant specifies which GUID variant (or "type") of the GUID. It determines
@@ -41,13 +39,6 @@ type Version uint8
 var _ = (encoding.TextMarshaler)(GUID{})
 var _ = (encoding.TextUnmarshaler)(&GUID{})
 
-// GUID represents a GUID/UUID. It has the same structure as
-// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
-// that type. It is defined as its own type so that stringification and
-// marshaling can be supported. The representation matches that used by native
-// Windows code.
-type GUID windows.GUID
-
 // NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
 func NewV4() (GUID, error) {
 	var b [16]byte

vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go

@@ -0,0 +1,15 @@
+// +build !windows
+
+package guid
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type as that is only available to builds
+// targeted at `windows`. The representation matches that used by native Windows
+// code.
+type GUID struct {
+	Data1 uint32
+	Data2 uint16
+	Data3 uint16
+	Data4 [8]byte
+}

vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go

@@ -0,0 +1,10 @@
+package guid
+
+import "golang.org/x/sys/windows"
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID

vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go

@@ -3,11 +3,10 @@
 package security
 
 import (
+	"fmt"
 	"os"
 	"syscall"
 	"unsafe"
-
-	"github.com/pkg/errors"
 )
 
 type (
@@ -72,7 +71,7 @@ func GrantVmGroupAccess(name string) error {
 	// Stat (to determine if `name` is a directory).
 	s, err := os.Stat(name)
 	if err != nil {
-		return errors.Wrapf(err, "%s os.Stat %s", gvmga, name)
+		return fmt.Errorf("%s os.Stat %s: %w", gvmga, name, err)
 	}
 
 	// Get a handle to the file/directory. Must defer Close on success.
@@ -88,7 +87,7 @@ func GrantVmGroupAccess(name string) error {
 	sd := uintptr(0)
 	origDACL := uintptr(0)
 	if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil {
-		return errors.Wrapf(err, "%s GetSecurityInfo %s", gvmga, name)
+		return fmt.Errorf("%s GetSecurityInfo %s: %w", gvmga, name, err)
 	}
 	defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd)))
 
@@ -102,7 +101,7 @@ func GrantVmGroupAccess(name string) error {
 
 	// And finally use SetSecurityInfo to apply the updated DACL.
 	if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil {
-		return errors.Wrapf(err, "%s SetSecurityInfo %s", gvmga, name)
+		return fmt.Errorf("%s SetSecurityInfo %s: %w", gvmga, name, err)
 	}
 
 	return nil
@@ -120,7 +119,7 @@ func createFile(name string, isDir bool) (syscall.Handle, error) {
 	}
 	fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0)
 	if err != nil {
-		return 0, errors.Wrapf(err, "%s syscall.CreateFile %s", gvmga, name)
+		return 0, fmt.Errorf("%s syscall.CreateFile %s: %w", gvmga, name, err)
 	}
 	return fd, nil
 }
@@ -131,7 +130,7 @@ func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintp
 	// Generate pointers to the SIDs based on the string SIDs
 	sid, err := syscall.StringToSid(sidVmGroup)
 	if err != nil {
-		return 0, errors.Wrapf(err, "%s syscall.StringToSid %s %s", gvmga, name, sidVmGroup)
+		return 0, fmt.Errorf("%s syscall.StringToSid %s %s: %w", gvmga, name, sidVmGroup, err)
 	}
 
 	inheritance := inheritModeNoInheritance
@@ -154,7 +153,7 @@ func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintp
 
 	modifiedDACL := uintptr(0)
 	if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil {
-		return 0, errors.Wrapf(err, "%s SetEntriesInAcl %s", gvmga, name)
+		return 0, fmt.Errorf("%s SetEntriesInAcl %s: %w", gvmga, name, err)
 	}
 
 	return modifiedDACL, nil