bump c/common to latest and c/storage to 1.37.0

Update c/common to fix a bug where broken config files could be created via podman machine and podman system connection add. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-11 09:18:34 +08:00 · 2021-10-04 16:34:10 +02:00
parent 36821d302e
commit 8156df5b72
23 changed files with 566 additions and 308 deletions
--- a/vendor/github.com/containers/storage/drivers/driver_linux.go
+++ b/vendor/github.com/containers/storage/drivers/driver_linux.go
@@ -50,6 +50,40 @@ const (
 	FsMagicOverlay = FsMagic(0x794C7630)
 	// FsMagicFUSE filesystem id for FUSE
 	FsMagicFUSE = FsMagic(0x65735546)
+	// FsMagicAcfs filesystem id for Acfs
+	FsMagicAcfs = FsMagic(0x61636673)
+	// FsMagicAfs filesystem id for Afs
+	FsMagicAfs = FsMagic(0x5346414f)
+	// FsMagicCephFs filesystem id for Ceph
+	FsMagicCephFs = FsMagic(0x00C36400)
+	// FsMagicCIFS filesystem id for CIFS
+	FsMagicCIFS = FsMagic(0xFF534D42)
+	// FsMagicFHGFS filesystem id for FHGFS
+	FsMagicFHGFSFs = FsMagic(0x19830326)
+	// FsMagicIBRIX filesystem id for IBRIX
+	FsMagicIBRIX = FsMagic(0x013111A8)
+	// FsMagicKAFS filesystem id for KAFS
+	FsMagicKAFS = FsMagic(0x6B414653)
+	// FsMagicLUSTRE filesystem id for LUSTRE
+	FsMagicLUSTRE = FsMagic(0x0BD00BD0)
+	// FsMagicNCP filesystem id for NCP
+	FsMagicNCP = FsMagic(0x564C)
+	// FsMagicNFSD filesystem id for NFSD
+	FsMagicNFSD = FsMagic(0x6E667364)
+	// FsMagicOCFS2 filesystem id for OCFS2
+	FsMagicOCFS2 = FsMagic(0x7461636F)
+	// FsMagicPANFS filesystem id for PANFS
+	FsMagicPANFS = FsMagic(0xAAD7AAEA)
+	// FsMagicPRLFS filesystem id for PRLFS
+	FsMagicPRLFS = FsMagic(0x7C7C6673)
+	// FsMagicSMB2 filesystem id for SMB2
+	FsMagicSMB2 = FsMagic(0xFE534D42)
+	// FsMagicSNFS filesystem id for SNFS
+	FsMagicSNFS = FsMagic(0xBEEFDEAD)
+	// FsMagicVBOXSF filesystem id for VBOXSF
+	FsMagicVBOXSF = FsMagic(0x786F4256)
+	// FsMagicVXFS filesystem id for VXFS
+	FsMagicVXFS = FsMagic(0xA501FCF5)
 )

 var (
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -248,6 +248,23 @@ func (d *Driver) getSupportsVolatile() (bool, error) {
 	return supportsVolatile, nil
 }

+// isNetworkFileSystem checks if the specified file system is supported by native overlay
+// as backing store when running in a user namespace.
+func isNetworkFileSystem(fsMagic graphdriver.FsMagic) bool {
+	switch fsMagic {
+	// a bunch of network file systems...
+	case graphdriver.FsMagicNfsFs, graphdriver.FsMagicSmbFs, graphdriver.FsMagicAcfs,
+		graphdriver.FsMagicAfs, graphdriver.FsMagicCephFs, graphdriver.FsMagicCIFS,
+		graphdriver.FsMagicFHGFSFs, graphdriver.FsMagicGPFS, graphdriver.FsMagicIBRIX,
+		graphdriver.FsMagicKAFS, graphdriver.FsMagicLUSTRE, graphdriver.FsMagicNCP,
+		graphdriver.FsMagicNFSD, graphdriver.FsMagicOCFS2, graphdriver.FsMagicPANFS,
+		graphdriver.FsMagicPRLFS, graphdriver.FsMagicSMB2, graphdriver.FsMagicSNFS,
+		graphdriver.FsMagicVBOXSF, graphdriver.FsMagicVXFS:
+		return true
+	}
+	return false
+}
+
 // Init returns the a native diff driver for overlay filesystem.
 // If overlay filesystem is not supported on the host, a wrapped graphdriver.ErrNotSupported is returned as error.
 // If an overlay filesystem is not supported over an existing filesystem then a wrapped graphdriver.ErrIncompatibleFS is returned.
@@ -266,18 +283,27 @@ func Init(home string, options graphdriver.Options) (graphdriver.Driver, error)
 	}

 	if opts.mountProgram != "" {
+		if unshare.IsRootless() && isNetworkFileSystem(fsMagic) && opts.forceMask == nil {
+			m := os.FileMode(0700)
+			opts.forceMask = &m
+			logrus.Warnf("Network file system detected as backing store.  Enforcing overlay option `force_mask=\"%o\"`.  Add it to storage.conf to silence this warning", m)
+		}
+
 		if err := ioutil.WriteFile(getMountProgramFlagFile(home), []byte("true"), 0600); err != nil {
 			return nil, err
 		}
 	} else {
-		// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
 		if opts.forceMask != nil {
 			return nil, errors.New("'force_mask' is supported only with 'mount_program'")
 		}
+		// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
 		switch fsMagic {
 		case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
 			return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s, a mount_program is required", backingFs)
 		}
+		if unshare.IsRootless() && isNetworkFileSystem(fsMagic) {
+			return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "A network file system with user namespaces is not supported.  Please use a mount_program")
+		}
 	}

 	rootUID, rootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps)
@@ -1431,6 +1457,11 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 				label = d.optsAppendMappings(label, options.UidMaps, options.GidMaps)
 			}

+			// if forceMask is in place, tell fuse-overlayfs to write the permissions mask to an unprivileged xattr as well.
+			if d.options.forceMask != nil {
+				label = label + ",xattr_permissions=2"
+			}
+
 			mountProgram := exec.Command(d.options.mountProgram, "-o", label, target)
 			mountProgram.Dir = d.home
 			var b bytes.Buffer