Use `winio.RunWithPrivileges` to get the privileges.
It's better because it also locks the Go runtime thread so if the Go
scheduler decides to run this code on a different thread, it will still
have the expected privileges.
A naive attempt at fixing an error experienced by Docker Desktop user
when using Windows containers:
```
failed to register layer: re-exec error: exit status 1: output: hcsshim::ProcessUtilityVMImage \\?\C:\ProgramData\Docker\windowsfilter\<hash1>\UtilityVM: Access is denied.
failed to register layer: re-exec error: exit status 1: output: hcsshim::ProcessBaseLayer \\?\C:\ProgramData\Docker\windowsfilter\<hash2>: Access is denied.
failed to register layer: re-exec error: exit status 1: output: hcsshim::ProcessBaseLayer \\?\C:\ProgramData\Docker\windowsfilter\<hash3>: Access is denied.
```
Unfortunately I can't reproduce the issue on a Windows VM, but this
definitely won't hurt.
At least, I verified that the daemon still works on Windows.
Inspired by: https://github.com/containerd/containerd/issues/8206
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
When no explicit driver was specified, the containerd store by default
was also applied to existing graphdriver setups.
Fix this and add a test.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Add layer migration on startup
Use image size threshold rather than image count
Add daemon integration test
Add test for migrating to containerd snapshotters
Add vfs migration
Add tar export for containerd migration
Add containerd migration test with save and load
Signed-off-by: Derek McGowan <derek@mcg.dev>
It has no external users, and this package still has too many different
responsibilities, some of which may be available elsewhere, so moving it
internal so that we can decide to dismantle it further.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The stringid package is used in many places; while it's trivial
to implement a similar utility, let's just provide it as a utility
package in the client, removing the daemon-specific logic.
For integration tests, I opted to use the implementation in the
client, as those should not ideally not make assumptions about
the daemon implementation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was added in a63ff8da46, but looks
like the only reason was to just have the var initialized, so let's
do so when we create the var.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These comments were added to enforce using the correct import path for
our packages ("github.com/docker/docker", not "github.com/moby/moby").
However, when working in go module mode (not GOPATH / vendor), they have
no effect, so their impact is limited.
Remove these imports in preparation of migrating our code to become an
actual go module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Prevent accidentally shadowing these errors, which are used in defers, and
while at it, also fixed some linting warnings about unhandled errors.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I noticed that the only reason we kept this was so that we could produce
a more targeted error for the deprecated storage-driver plugins, but it's
very unlikely someone used those, and if they did, we already had the
"DOCKERD_DEPRECATED_GRAPHDRIVER_PLUGINS" added as requirement. Let's
just produce an error if that option is set (and remove that altogether in
a later release, but just that check doesn't add significant complexity).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go:527:2: naked return in func `fusermountU` with 25 lines of code (nakedret)
return
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon/graphdriver/fsdiff.go:140:3: naked return in func `ApplyDiff` with 20 lines of code (nakedret)
return
^
daemon/graphdriver/fsdiff.go:149:3: naked return in func `ApplyDiff` with 20 lines of code (nakedret)
return
^
daemon/graphdriver/fsdiff.go:153:2: naked return in func `ApplyDiff` with 20 lines of code (nakedret)
return
^
daemon/graphdriver/fsdiff.go:164:3: naked return in func `DiffSize` with 15 lines of code (nakedret)
return
^
daemon/graphdriver/fsdiff.go:169:3: naked return in func `DiffSize` with 15 lines of code (nakedret)
return
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Ignore "dataset does not exist" error in Remove function
Signed-off-by: François Scala <github@arcenik.net>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The alias is not needed as the package is already named `units`.
It was also not aliases consistently across the project.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
daemon/graphdriver/btrfs/btrfs.go:562:3: shadow: declaration of "key" shadows declaration at line 561 (govet)
key := strings.ToLower(key)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon/graphdriver/overlay2/overlay.go:430:3: shadow: declaration of "key" shadows declaration at line 429 (govet)
key := strings.ToLower(key)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 2ce811e632 migrated the use of the
userns package to the github.com/moby/sys/user module.
After further discussion with maintainers, it was decided to move the
userns package to a separate module, as it has no direct relation with
"user" operations (other than having "user" in its name).
This patch migrates our code to use the new module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[1]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Capabilities were implemented in aa96c3176b,
as part of work on an external graphdriver-plugin. Given that none of
the builtin graphdrivers use this option, and support for graphdriver-
plugins has been removed in 555dac5e14,
we can remove this functionality.
This patch:
- removes the CapabilityDriver interface, which has no implementations
- removes the Capabilities type
- layer: remove layerStore.useTarSplit. This field was previously set
through the driver's Capabilities, but always enabled for the builtin
graphdrivers,
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The RefCounter is used in both graphdrivers and snapshotters. Move it
to a separate package to help decoupling snapshotters and graphdrivers,
and make it internal, as it's not intended to be used as a generic utility
package (we can still make it public if there would be a need).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Checker interface was introduced in 1ba05cdb6a
as an optimization to allow passing a simplified check for situations that
don't require mountinfo.Mounted to be executed (as that may result in parsing
`/proc/self/mountinfo`).
The Checker was defined as an interface with a single `IsMounted` method,
possibly with the intent to allow for additional kind of checks to be added.
No new additions were made since its inception 9 Years ago, and if a need would
arrive, could probably be implemented as part of the check.
This patch simplifies the definition to a function, removing the need to
implement a wrapper struct just to satisfy the interface. The `Checker`
type definition is somewhat redundant, but is kept to have a place to
provide GoDoc.
The `NewFsChecker` and `NewDefaultChecker` utilities are removed as part
of this change, favoring a local definition for storage-drivers that
used them.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utilities were used in both graphdrivers and snapshotters. Move them
to a separate package, to help decoupling snapshotters and graphdrivers,
and make it internal, as it's not intended to be used as a generic utility
package (we can still make it public if there would be a need).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The only external consumer are the `graphdriver` and `graphdriver/shim`
packages in github.com/docker/go-plugins-helpers, which depended on
[ContainerFS][1], which was removed in 9ce2b30b81.
graphdriver-plugins were deprecated in 6da604aa6a,
and support for them removed in 555dac5e14,
so removing this should not be an issue.
Ideally this package would've been moved inside `daemon/internal`, but it's used
by the `daemon` (cleanupContainer), `plugin` package, and by `graphdrivers`,
so needs to be in the top-level `internal/` package.
[1]: 6eecb7beb6/graphdriver/api.go (L218)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The exported function was only used in tests, and identical in use when
using New with a name provided. Deprecate it, and remove the uses of it
in our (integration-)tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
