Merge pull request #502 from imageworks/overlayfs-xattrs

Overlayfs basic supported features check and default inode index

Author: rydrman

Cargo.lock

@@ -28,6 +28,7 @@ version = "0.36.0"
 [workspace.dependencies]
 anyhow = "1.0"
 async-trait = "0.1"
+cached = "0.42.0"
 chrono = { version = "0.4.19", features = ["serde"] }
 clap = { version = "4.3", features = ["derive", "env"] }
 colored = "2.0.0"

Cargo.toml

@@ -127,6 +127,11 @@ impl CmdEnter {
         &mut self,
         config: &spfs::Config,
     ) -> Result<Option<spfs::runtime::OwnedRuntime>> {
+        // this function will eventually be required to discover the overlayfs
+        // attributes. It can take many milliseconds to run so we prime the cache as
+        // soon as possible in a separate thread
+        std::thread::spawn(spfs::runtime::overlayfs::overlayfs_available_options_prime_cache);
+
         let mut runtime = self.load_runtime(config).await?;
 
         if self.exit.enabled {

crates/spfs-cli/cmd-enter/src/cmd_enter.rs

@@ -20,6 +20,7 @@ async-compression = { version = "0.3.15", features = ["tokio", "bzip2"] }
 async-trait = "0.1.52"
 async-recursion = "1.0"
 async-stream = "0.3"
+cached = { workspace = true }
 caps = "0.5.3"
 chrono = { workspace = true }
 close-err = "1.0"

crates/spfs/Cargo.toml

@@ -803,28 +803,58 @@ fn have_required_join_capabilities() -> Result<bool> {
         && effective.contains(&caps::Capability::CAP_SYS_CHROOT))
 }
 
+const OVERLAY_ARGS_RO_PREFIX: &str = "ro";
+const OVERLAY_ARGS_INDEX: &str = "index";
+const OVERLAY_ARGS_INDEX_ON: &str = "index=on";
+const OVERLAY_ARGS_METACOPY: &str = "metacopy";
+const OVERLAY_ARGS_METACOPY_ON: &str = "metacopy=on";
+
 /// A struct for holding the options that will be included
 /// in the overlayfs mount command when mounting an environment.
 #[derive(Default)]
 pub(crate) struct OverlayMountOptions {
-    pub(crate) read_only: bool,
+    /// Specifies that the overlay file system is mounted as read-only
+    pub read_only: bool,
+    /// When true, inodes are indexed in the mount so that
+    /// files which share the same inode (hardlinks) are broken
+    /// in the final mount and changes to one file don't affect
+    /// the other.
+    ///
+    /// This is the desired default behavior for
+    /// spfs, since we rely on hardlinks for deduplication but
+    /// expect that file to be able to appear in mutliple places
+    /// as separate files that just so happen to share the same content.
+    break_hardlinks: bool,
+    /// When true, overlayfs will use extended file attributes to avoid
+    /// copying file data when only the metadata of a file has changed.
+    /// https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#metadata-only-copy-up
+    metadata_copy_up: bool,
 }
 
 impl OverlayMountOptions {
     /// Create the mount options for a runtime state
     fn new(rt: &runtime::Runtime) -> Self {
         Self {
             read_only: !rt.status.editable,
+            break_hardlinks: true,
+            metadata_copy_up: true,
         }
     }
 
     /// Return the options that should be included in the mount request.
-    pub(crate) fn options(&self) -> Vec<&str> {
+    pub fn to_options(&self) -> Vec<&'static str> {
+        let params = runtime::overlayfs::overlayfs_available_options();
+        let mut opts = Vec::new();
         if self.read_only {
-            vec![OVERLAY_ARGS_RO_PREFIX]
-        } else {
-            Vec::default()
+            opts.push(OVERLAY_ARGS_RO_PREFIX);
         }
+        if self.break_hardlinks && params.contains(OVERLAY_ARGS_INDEX) {
+            opts.push(OVERLAY_ARGS_INDEX_ON);
+        }
+        if self.metadata_copy_up && params.contains(OVERLAY_ARGS_METACOPY) {
+            opts.push(OVERLAY_ARGS_METACOPY_ON);
+        }
+        opts
     }
 }
 
@@ -842,7 +872,7 @@ pub(crate) fn get_overlay_args<P: AsRef<Path>>(
     let mut args = String::with_capacity(4096);
 
     let mount_options = OverlayMountOptions::new(rt);
-    for option in mount_options.options() {
+    for option in mount_options.to_options() {
         args.push_str(option);
         args.push(',');
     }
@@ -875,8 +905,6 @@ pub(crate) fn get_overlay_args<P: AsRef<Path>>(
     Ok(args)
 }
 
-pub(crate) const OVERLAY_ARGS_RO_PREFIX: &str = "ro";
-
 #[cfg(feature = "fuse-backend")]
 fn get_fuse_args(config: &runtime::Config, owner: &IsRootUser, read_only: bool) -> String {
     use fuser::MountOption::*;

crates/spfs/src/env.rs

@@ -102,6 +102,10 @@ pub enum Error {
     #[error("Command, arguments or environment contained a nul byte, this is not supported")]
     CommandHasNul(#[source] std::ffi::NulError),
 
+    #[cfg(target_os = "linux")]
+    #[error("OverlayFS kernel module does not appear to be installed")]
+    OverlayFSNotInstalled,
+
     #[error("{}, and {} more errors during clean", errors.get(0).unwrap(), errors.len() - 1)]
     IncompleteClean { errors: Vec<Self> },
 }

crates/spfs/src/error.rs

@@ -4,7 +4,7 @@
 
 //! Handles the setup and initialization of runtime environments
 
-mod overlayfs;
+pub mod overlayfs;
 mod startup_csh;
 mod startup_sh;
 mod storage;

crates/spfs/src/runtime/mod.rs

@@ -2,8 +2,16 @@
 // SPDX-License-Identifier: Apache-2.0
 // https://github.com/imageworks/spk
 
+use std::collections::HashSet;
+use std::io::{BufRead, BufReader};
 use std::os::unix::fs::MetadataExt;
 
+use crate::{Error, Result};
+
+#[cfg(test)]
+#[path = "./overlayfs_test.rs"]
+mod overlayfs_test;
+
 pub fn is_removed_entry(meta: &std::fs::Metadata) -> bool {
     // overlayfs uses character device files to denote
     // a file that was removed, using this special file
@@ -14,3 +22,50 @@ pub fn is_removed_entry(meta: &std::fs::Metadata) -> bool {
     // - the device is always 0/0 for a whiteout file
     meta.rdev() == 0
 }
+
+/// Get the set of supported overlayfs arguments on this machine
+#[cfg(target_os = "linux")]
+#[cached::proc_macro::once(sync_writes = true)]
+pub fn overlayfs_available_options() -> HashSet<String> {
+    query_overlayfs_available_options().unwrap_or_else(|err| {
+        tracing::warn!("Failed to detect supported overlayfs params: {err}");
+        tracing::warn!(" > Falling back to the most conservative set, which is undesirable");
+        Default::default()
+    })
+}
+
+/// Read available overlayfs settings from the kernel
+fn query_overlayfs_available_options() -> Result<HashSet<String>> {
+    let output = std::process::Command::new("/sbin/modinfo")
+        .arg("overlay")
+        .output()
+        .map_err(|err| Error::process_spawn_error("/sbin/modinfo".into(), err, None))?;
+
+    if output.status.code().unwrap_or(1) != 0 {
+        return Err(Error::OverlayFSNotInstalled);
+    }
+
+    parse_modinfo_params(&mut BufReader::new(output.stdout.as_slice()))
+}
+
+/// Parses the available parameters from the output of `modinfo` for a kernel module
+#[cfg(target_os = "linux")]
+fn parse_modinfo_params<R: BufRead>(reader: &mut R) -> Result<HashSet<String>> {
+    let mut params = HashSet::new();
+    for line in reader.lines() {
+        let line = line.map_err(|err| {
+            Error::String(format!("Failed to read kernel module information: {err}"))
+        })?;
+        let param = match line.strip_prefix("parm:") {
+            Some(remainder) => remainder.trim(),
+            None => continue,
+        };
+        let name = match param.split_once(':') {
+            Some((name, _remainder)) => name,
+            None => param,
+        };
+        params.insert(name.to_owned());
+    }
+
+    Ok(params)
+}