mirror of
https://github.com/moby/moby.git
synced 2026-01-11 02:31:44 +00:00
cb88c6ba10
Hash the container ID, mount source and destination together to form a layer name. This ensures the generated names are filesystem-friendly and don't exceed path length limits while maintaining uniqueness across different mount points and containers. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
374 lines
11 KiB
Go
374 lines
11 KiB
Go
package daemon
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"maps"
|
|
"os"
|
|
"path/filepath"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/containerd/log"
|
|
mounttypes "github.com/moby/moby/api/types/mount"
|
|
volumetypes "github.com/moby/moby/api/types/volume"
|
|
"github.com/moby/moby/v2/daemon/container"
|
|
"github.com/moby/moby/v2/daemon/internal/layer"
|
|
"github.com/moby/moby/v2/daemon/server/imagebackend"
|
|
"github.com/moby/moby/v2/daemon/volume"
|
|
volumemounts "github.com/moby/moby/v2/daemon/volume/mounts"
|
|
"github.com/moby/moby/v2/daemon/volume/service"
|
|
volumeopts "github.com/moby/moby/v2/daemon/volume/service/opts"
|
|
"github.com/moby/moby/v2/errdefs"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
var _ volume.LiveRestorer = (*volumeWrapper)(nil)
|
|
|
|
// mountSort implements [sort.Interface] to sort an array of mounts in
|
|
// lexicographic order.
|
|
type mountSort []container.Mount
|
|
|
|
// Len returns the number of mounts. Used in sorting.
|
|
func (m mountSort) Len() int {
|
|
return len(m)
|
|
}
|
|
|
|
// Less returns true if the number of parts (a/b/c would be 3 parts) in the
|
|
// mount indexed by parameter 1 is less than that of the mount indexed by
|
|
// parameter 2. Used in sorting.
|
|
func (m mountSort) Less(i, j int) bool {
|
|
return m.parts(i) < m.parts(j)
|
|
}
|
|
|
|
// Swap swaps two items in an array of mounts. Used in sorting
|
|
func (m mountSort) Swap(i, j int) {
|
|
m[i], m[j] = m[j], m[i]
|
|
}
|
|
|
|
// parts returns the number of parts in the destination of a mount. Used in sorting.
|
|
func (m mountSort) parts(i int) int {
|
|
return strings.Count(filepath.Clean(m[i].Destination), string(os.PathSeparator))
|
|
}
|
|
|
|
// sortMounts sorts an array of mounts in lexicographic order. This ensure that
|
|
// when mounting, the mounts don't shadow other mounts. For example, if mounting
|
|
// /etc and /etc/resolv.conf, /etc/resolv.conf must not be mounted first.
|
|
func sortMounts(m []container.Mount) []container.Mount {
|
|
sort.Sort(mountSort(m))
|
|
return m
|
|
}
|
|
|
|
// registerMountPoints initializes the container mount points with the configured volumes and bind mounts.
|
|
// It follows the next sequence to decide what to mount in each final destination:
|
|
//
|
|
// 1. Select the previously configured mount points for the containers, if any.
|
|
// 2. Select the volumes mounted from another containers. Overrides previously configured mount point destination.
|
|
// 3. Select the bind mounts set by the client. Overrides previously configured mount point destinations.
|
|
// 4. Cleanup old volumes that are about to be reassigned.
|
|
//
|
|
// Do not lock while creating volumes since this could be calling out to external plugins
|
|
// Don't want to block other actions, like `docker ps` because we're waiting on an external plugin
|
|
func (daemon *Daemon) registerMountPoints(ctr *container.Container, defaultReadOnlyNonRecursive bool) (retErr error) {
|
|
binds := map[string]bool{}
|
|
mountPoints := map[string]*volumemounts.MountPoint{}
|
|
parser := volumemounts.NewParser()
|
|
|
|
ctx := context.TODO()
|
|
defer func() {
|
|
// clean up the container mountpoints once return with error
|
|
if retErr != nil {
|
|
for _, m := range mountPoints {
|
|
if m.Volume == nil {
|
|
continue
|
|
}
|
|
daemon.volumes.Release(ctx, m.Volume.Name(), ctr.ID)
|
|
}
|
|
}
|
|
}()
|
|
|
|
dereferenceIfExists := func(destination string) {
|
|
if v, ok := mountPoints[destination]; ok {
|
|
log.G(ctx).Debugf("Duplicate mount point '%s'", destination)
|
|
if v.Volume != nil {
|
|
daemon.volumes.Release(ctx, v.Volume.Name(), ctr.ID)
|
|
}
|
|
}
|
|
}
|
|
|
|
// 1. Read already configured mount points.
|
|
maps.Copy(mountPoints, ctr.MountPoints)
|
|
|
|
// 2. Read volumes from other containers.
|
|
for _, v := range ctr.HostConfig.VolumesFrom {
|
|
containerID, mode, err := parser.ParseVolumesFrom(v)
|
|
if err != nil {
|
|
return errdefs.InvalidParameter(err)
|
|
}
|
|
|
|
c, err := daemon.GetContainer(containerID)
|
|
if err != nil {
|
|
return errdefs.InvalidParameter(err)
|
|
}
|
|
|
|
for _, m := range c.MountPoints {
|
|
cp := &volumemounts.MountPoint{
|
|
Type: m.Type,
|
|
Name: m.Name,
|
|
Source: m.Source,
|
|
RW: m.RW && parser.ReadWrite(mode),
|
|
Driver: m.Driver,
|
|
Destination: m.Destination,
|
|
Propagation: m.Propagation,
|
|
Spec: m.Spec,
|
|
CopyData: false,
|
|
}
|
|
|
|
if cp.Source == "" {
|
|
v, err := daemon.volumes.Get(ctx, cp.Name, volumeopts.WithGetDriver(cp.Driver), volumeopts.WithGetReference(ctr.ID))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cp.Volume = &volumeWrapper{v: v, s: daemon.volumes}
|
|
}
|
|
dereferenceIfExists(cp.Destination)
|
|
mountPoints[cp.Destination] = cp
|
|
}
|
|
}
|
|
|
|
// 3. Read bind mounts
|
|
for _, b := range ctr.HostConfig.Binds {
|
|
bind, err := parser.ParseMountRaw(b, ctr.HostConfig.VolumeDriver)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
needsSlavePropagation, err := daemon.validateBindDaemonRoot(bind.Spec)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if needsSlavePropagation {
|
|
bind.Propagation = mounttypes.PropagationRSlave
|
|
}
|
|
|
|
// #10618
|
|
_, tmpfsExists := ctr.HostConfig.Tmpfs[bind.Destination]
|
|
if binds[bind.Destination] || tmpfsExists {
|
|
return duplicateMountPointError(bind.Destination)
|
|
}
|
|
|
|
if bind.Type == mounttypes.TypeVolume {
|
|
// create the volume
|
|
v, err := daemon.volumes.Create(ctx, bind.Name, bind.Driver, volumeopts.WithCreateReference(ctr.ID))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
bind.Volume = &volumeWrapper{v: v, s: daemon.volumes}
|
|
bind.Source = v.Mountpoint
|
|
// bind.Name is an already existing volume, we need to use that here
|
|
bind.Driver = v.Driver
|
|
if bind.Driver == volume.DefaultDriverName {
|
|
setBindModeIfNull(bind)
|
|
}
|
|
}
|
|
|
|
if bind.Type == mounttypes.TypeBind && !bind.RW {
|
|
if defaultReadOnlyNonRecursive {
|
|
if bind.Spec.BindOptions == nil {
|
|
bind.Spec.BindOptions = &mounttypes.BindOptions{}
|
|
}
|
|
bind.Spec.BindOptions.ReadOnlyNonRecursive = true
|
|
}
|
|
}
|
|
|
|
binds[bind.Destination] = true
|
|
dereferenceIfExists(bind.Destination)
|
|
mountPoints[bind.Destination] = bind
|
|
}
|
|
|
|
for _, cfg := range ctr.HostConfig.Mounts {
|
|
mp, err := parser.ParseMountSpec(cfg)
|
|
if err != nil {
|
|
return errdefs.InvalidParameter(err)
|
|
}
|
|
needsSlavePropagation, err := daemon.validateBindDaemonRoot(mp.Spec)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if needsSlavePropagation {
|
|
mp.Propagation = mounttypes.PropagationRSlave
|
|
}
|
|
|
|
if binds[mp.Destination] {
|
|
return duplicateMountPointError(cfg.Target)
|
|
}
|
|
|
|
if mp.Type == mounttypes.TypeVolume {
|
|
var v *volumetypes.Volume
|
|
if cfg.VolumeOptions != nil {
|
|
var driverOpts map[string]string
|
|
if cfg.VolumeOptions.DriverConfig != nil {
|
|
driverOpts = cfg.VolumeOptions.DriverConfig.Options
|
|
}
|
|
v, err = daemon.volumes.Create(ctx,
|
|
mp.Name,
|
|
mp.Driver,
|
|
volumeopts.WithCreateReference(ctr.ID),
|
|
volumeopts.WithCreateOptions(driverOpts),
|
|
volumeopts.WithCreateLabels(cfg.VolumeOptions.Labels),
|
|
)
|
|
} else {
|
|
v, err = daemon.volumes.Create(ctx, mp.Name, mp.Driver, volumeopts.WithCreateReference(ctr.ID))
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
mp.Volume = &volumeWrapper{v: v, s: daemon.volumes}
|
|
mp.Name = v.Name
|
|
mp.Driver = v.Driver
|
|
|
|
// need to selinux-relabel local mounts
|
|
mp.Source = v.Mountpoint
|
|
if mp.Driver == volume.DefaultDriverName {
|
|
setBindModeIfNull(mp)
|
|
}
|
|
}
|
|
|
|
if mp.Type == mounttypes.TypeBind {
|
|
if cfg.BindOptions == nil || !cfg.BindOptions.CreateMountpoint {
|
|
mp.SkipMountpointCreation = true
|
|
}
|
|
|
|
if !mp.RW && defaultReadOnlyNonRecursive {
|
|
if mp.Spec.BindOptions == nil {
|
|
mp.Spec.BindOptions = &mounttypes.BindOptions{}
|
|
}
|
|
mp.Spec.BindOptions.ReadOnlyNonRecursive = true
|
|
}
|
|
}
|
|
|
|
if mp.Type == mounttypes.TypeImage {
|
|
img, err := daemon.imageService.GetImage(ctx, mp.Source, imagebackend.GetImageOpts{})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rwLayerOpts := &layer.CreateRWLayerOpts{
|
|
StorageOpt: ctr.HostConfig.StorageOpt,
|
|
}
|
|
|
|
// Hash the source and destination to create a safe, unique identifier for each mount point and container.
|
|
// This makes sure that the same image can be mounted multiple times with different destinations.
|
|
// We hash it so that the snapshot name is friendly to the underlying filesystem and doesn't exceed path length limits.
|
|
destHash := sha256.Sum256([]byte(ctr.ID + "-src=" + mp.Source + "-dst=" + mp.Destination))
|
|
layerName := hex.EncodeToString(destHash[:])
|
|
layer, err := daemon.imageService.CreateLayerFromImage(img, layerName, rwLayerOpts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
metadata, err := layer.Metadata()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
path, err := layer.Mount("")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if metadata["ID"] != "" {
|
|
mp.ID = metadata["ID"]
|
|
}
|
|
|
|
mp.Name = mp.Spec.Source
|
|
mp.Spec.Source = img.ID().String()
|
|
mp.Source = path
|
|
mp.Layer = layer
|
|
mp.RW = false
|
|
}
|
|
|
|
binds[mp.Destination] = true
|
|
dereferenceIfExists(mp.Destination)
|
|
mountPoints[mp.Destination] = mp
|
|
}
|
|
|
|
ctr.Lock()
|
|
|
|
// 4. Cleanup old volumes that are about to be reassigned.
|
|
for _, m := range mountPoints {
|
|
if parser.IsBackwardCompatible(m) {
|
|
if mp, exists := ctr.MountPoints[m.Destination]; exists && mp.Volume != nil {
|
|
daemon.volumes.Release(ctx, mp.Volume.Name(), ctr.ID)
|
|
}
|
|
}
|
|
}
|
|
ctr.MountPoints = mountPoints
|
|
|
|
ctr.Unlock()
|
|
|
|
return nil
|
|
}
|
|
|
|
// lazyInitializeVolume initializes a mountpoint's volume if needed.
|
|
// This happens after a daemon restart.
|
|
func (daemon *Daemon) lazyInitializeVolume(containerID string, m *volumemounts.MountPoint) error {
|
|
if m.Driver != "" && m.Volume == nil {
|
|
v, err := daemon.volumes.Get(context.TODO(), m.Name, volumeopts.WithGetDriver(m.Driver), volumeopts.WithGetReference(containerID))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
m.Volume = &volumeWrapper{v: v, s: daemon.volumes}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// VolumesService is used to perform volume operations
|
|
func (daemon *Daemon) VolumesService() *service.VolumesService {
|
|
return daemon.volumes
|
|
}
|
|
|
|
type volumeMounter interface {
|
|
Mount(ctx context.Context, v *volumetypes.Volume, ref string) (string, error)
|
|
Unmount(ctx context.Context, v *volumetypes.Volume, ref string) error
|
|
LiveRestoreVolume(ctx context.Context, v *volumetypes.Volume, ref string) error
|
|
}
|
|
|
|
type volumeWrapper struct {
|
|
v *volumetypes.Volume
|
|
s volumeMounter
|
|
}
|
|
|
|
func (v *volumeWrapper) Name() string {
|
|
return v.v.Name
|
|
}
|
|
|
|
func (v *volumeWrapper) DriverName() string {
|
|
return v.v.Driver
|
|
}
|
|
|
|
func (v *volumeWrapper) Path() string {
|
|
return v.v.Mountpoint
|
|
}
|
|
|
|
func (v *volumeWrapper) Mount(ref string) (string, error) {
|
|
return v.s.Mount(context.TODO(), v.v, ref)
|
|
}
|
|
|
|
func (v *volumeWrapper) Unmount(ref string) error {
|
|
return v.s.Unmount(context.TODO(), v.v, ref)
|
|
}
|
|
|
|
func (v *volumeWrapper) CreatedAt() (time.Time, error) {
|
|
return time.Time{}, errors.New("not implemented")
|
|
}
|
|
|
|
func (v *volumeWrapper) Status() map[string]any {
|
|
return v.v.Status
|
|
}
|
|
|
|
func (v *volumeWrapper) LiveRestoreVolume(ctx context.Context, ref string) error {
|
|
return v.s.LiveRestoreVolume(ctx, v.v, ref)
|
|
}
|