bump c/common to latest and c/storage to 1.37.0

Update c/common to fix a bug where broken config files could be created via podman machine and podman system connection add. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-11-02 14:55:28 +08:00 · 2021-10-04 16:34:10 +02:00
parent 36821d302e
commit 8156df5b72
23 changed files with 566 additions and 308 deletions
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@ -1 +1 @@
-1.36.0+dev
+1.37.0
--- a/vendor/github.com/containers/storage/drivers/driver_linux.go
+++ b/vendor/github.com/containers/storage/drivers/driver_linux.go
@ -50,6 +50,40 @@ const (
 	FsMagicOverlay = FsMagic(0x794C7630)
 	// FsMagicFUSE filesystem id for FUSE
 	FsMagicFUSE = FsMagic(0x65735546)
+	// FsMagicAcfs filesystem id for Acfs
+	FsMagicAcfs = FsMagic(0x61636673)
+	// FsMagicAfs filesystem id for Afs
+	FsMagicAfs = FsMagic(0x5346414f)
+	// FsMagicCephFs filesystem id for Ceph
+	FsMagicCephFs = FsMagic(0x00C36400)
+	// FsMagicCIFS filesystem id for CIFS
+	FsMagicCIFS = FsMagic(0xFF534D42)
+	// FsMagicFHGFS filesystem id for FHGFS
+	FsMagicFHGFSFs = FsMagic(0x19830326)
+	// FsMagicIBRIX filesystem id for IBRIX
+	FsMagicIBRIX = FsMagic(0x013111A8)
+	// FsMagicKAFS filesystem id for KAFS
+	FsMagicKAFS = FsMagic(0x6B414653)
+	// FsMagicLUSTRE filesystem id for LUSTRE
+	FsMagicLUSTRE = FsMagic(0x0BD00BD0)
+	// FsMagicNCP filesystem id for NCP
+	FsMagicNCP = FsMagic(0x564C)
+	// FsMagicNFSD filesystem id for NFSD
+	FsMagicNFSD = FsMagic(0x6E667364)
+	// FsMagicOCFS2 filesystem id for OCFS2
+	FsMagicOCFS2 = FsMagic(0x7461636F)
+	// FsMagicPANFS filesystem id for PANFS
+	FsMagicPANFS = FsMagic(0xAAD7AAEA)
+	// FsMagicPRLFS filesystem id for PRLFS
+	FsMagicPRLFS = FsMagic(0x7C7C6673)
+	// FsMagicSMB2 filesystem id for SMB2
+	FsMagicSMB2 = FsMagic(0xFE534D42)
+	// FsMagicSNFS filesystem id for SNFS
+	FsMagicSNFS = FsMagic(0xBEEFDEAD)
+	// FsMagicVBOXSF filesystem id for VBOXSF
+	FsMagicVBOXSF = FsMagic(0x786F4256)
+	// FsMagicVXFS filesystem id for VXFS
+	FsMagicVXFS = FsMagic(0xA501FCF5)
 )

 var (
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@ -248,6 +248,23 @@ func (d *Driver) getSupportsVolatile() (bool, error) {
 	return supportsVolatile, nil
 }

+// isNetworkFileSystem checks if the specified file system is supported by native overlay
+// as backing store when running in a user namespace.
+func isNetworkFileSystem(fsMagic graphdriver.FsMagic) bool {
+	switch fsMagic {
+	// a bunch of network file systems...
+	case graphdriver.FsMagicNfsFs, graphdriver.FsMagicSmbFs, graphdriver.FsMagicAcfs,
+		graphdriver.FsMagicAfs, graphdriver.FsMagicCephFs, graphdriver.FsMagicCIFS,
+		graphdriver.FsMagicFHGFSFs, graphdriver.FsMagicGPFS, graphdriver.FsMagicIBRIX,
+		graphdriver.FsMagicKAFS, graphdriver.FsMagicLUSTRE, graphdriver.FsMagicNCP,
+		graphdriver.FsMagicNFSD, graphdriver.FsMagicOCFS2, graphdriver.FsMagicPANFS,
+		graphdriver.FsMagicPRLFS, graphdriver.FsMagicSMB2, graphdriver.FsMagicSNFS,
+		graphdriver.FsMagicVBOXSF, graphdriver.FsMagicVXFS:
+		return true
+	}
+	return false
+}
+
 // Init returns the a native diff driver for overlay filesystem.
 // If overlay filesystem is not supported on the host, a wrapped graphdriver.ErrNotSupported is returned as error.
 // If an overlay filesystem is not supported over an existing filesystem then a wrapped graphdriver.ErrIncompatibleFS is returned.
@ -266,18 +283,27 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error)
 	}

 	if opts.mountProgram != "" {
+		if unshare.IsRootless() && isNetworkFileSystem(fsMagic) && opts.forceMask == nil {
+			m := os.FileMode(0700)
+			opts.forceMask = &m
+			logrus.Warnf("Network file system detected as backing store.  Enforcing overlay option `force_mask=\"%o\"`.  Add it to storage.conf to silence this warning", m)
+		}
+
 		if err := ioutil.WriteFile(getMountProgramFlagFile(home), []byte("true"), 0600); err != nil {
 			return nil, err
 		}
 	} else {
-		// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
 		if opts.forceMask != nil {
 			return nil, errors.New("'force_mask' is supported only with 'mount_program'")
 		}
+		// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
 		switch fsMagic {
 		case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
 			return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s, a mount_program is required", backingFs)
 		}
+		if unshare.IsRootless() && isNetworkFileSystem(fsMagic) {
+			return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "A network file system with user namespaces is not supported.  Please use a mount_program")
+		}
 	}

 	rootUID, rootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
@ -1431,6 +1457,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 				label = d.optsAppendMappings(label, options.UidMaps, options.GidMaps)
 			}

+			// if forceMask is in place, tell fuse-overlayfs to write the permissions mask to an unprivileged xattr as well.
+			if d.options.forceMask != nil {
+				label = label + ",xattr_permissions=2"
+			}
+
 			mountProgram := exec.Command(d.options.mountProgram, "-o", label, target)
 			mountProgram.Dir = d.home
 			var b bytes.Buffer
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@ -6,7 +6,7 @@ require (
 	github.com/BurntSushi/toml v0.4.1
 	github.com/Microsoft/go-winio v0.5.0
 	github.com/Microsoft/hcsshim v0.8.22
-	github.com/containerd/stargz-snapshotter/estargz v0.8.0
+	github.com/containerd/stargz-snapshotter/estargz v0.9.0
 	github.com/docker/go-units v0.4.0
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/google/go-intervals v0.0.2
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@ -31,8 +31,8 @@ github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMX
 github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
 github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
 github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/stargz-snapshotter/estargz v0.8.0 h1:oA1wx8kTFfImfsT5bScbrZd8gK+WtQnn15q82Djvm0Y=
-github.com/containerd/stargz-snapshotter/estargz v0.8.0/go.mod h1:mwIwuwb+D8FX2t45Trwi0hmWmZm5VW7zPP/rekwhWQU=
+github.com/containerd/stargz-snapshotter/estargz v0.9.0 h1:PkB6BSTfOKX23erT2GkoUKkJEcXfNcyKskIViK770v8=
+github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
 github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
 github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@ -122,7 +122,6 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
--- a/vendor/github.com/containers/storage/pkg/system/syscall_unix.go
+++ b/vendor/github.com/containers/storage/pkg/system/syscall_unix.go
@ -1,8 +1,11 @@
-// +build linux freebsd
+// +build linux freebsd darwin

 package system

-import "golang.org/x/sys/unix"
+import (
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)

 // Unmount is a platform-specific helper function to call
 // the unmount syscall.
@ -15,3 +18,8 @@ func Unmount(dest string) error {
 func CommandLineToArgv(commandLine string) ([]string, error) {
 	return []string{commandLine}, nil
 }
+
+// IsEBUSY checks if the specified error is EBUSY.
+func IsEBUSY(err error) bool {
+	return errors.Is(err, unix.EBUSY)
+}
--- a/vendor/github.com/containers/storage/pkg/system/syscall_windows.go
+++ b/vendor/github.com/containers/storage/pkg/system/syscall_windows.go
@ -120,3 +120,8 @@ func HasWin32KSupport() bool {
 	// APIs.
 	return ntuserApiset.Load() == nil
 }
+
+// IsEBUSY checks if the specified error is EBUSY.
+func IsEBUSY(err error) bool {
+	return false
+}
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@ -23,6 +23,7 @@ import (
 	"github.com/containers/storage/pkg/parsers"
 	"github.com/containers/storage/pkg/stringid"
 	"github.com/containers/storage/pkg/stringutils"
+	"github.com/containers/storage/pkg/system"
 	"github.com/containers/storage/types"
 	"github.com/hashicorp/go-multierror"
 	digest "github.com/opencontainers/go-digest"
@ -2498,7 +2499,15 @@ func (s *store) DeleteContainer(id string) error {
 			gcpath := filepath.Join(s.GraphRoot(), middleDir, container.ID)
 			wg.Add(1)
 			go func() {
-				errChan <- os.RemoveAll(gcpath)
+				var err error
+				for attempts := 0; attempts < 50; attempts++ {
+					err = os.RemoveAll(gcpath)
+					if err == nil || !system.IsEBUSY(err) {
+						break
+					}
+					time.Sleep(time.Millisecond * 100)
+				}
+				errChan <- err
 				wg.Done()
 			}()