fuse-overlayfs

setattr fails with readonly /proc

Open 3XX0 opened this issue 5 years ago • 4 comments

setattr fails if /proc is mounted as readonly. It used to work at some point but now that symlinks are handled through /proc/self/fd it will fail with EROFS.

AFAIK it's not easily fixable with the current logic since we're opening the fd on the symlink early on and syscalls like utimensat won't work on symlink fds.

https://github.com/containers/fuse-overlayfs/blob/1faf62ce32f2bab09d593b61a44af76e08639ffa/main.c#L3309-L3317

Is there a reason not to rely on things like utimensat(dirfd,...), fchownat, fchmodat instead?

3XX0 • Oct 31 '19 19:10

The reason for that is that fchmodat doesn't support AT_SYMLINK_NOFOLLOW. Going through /proc is the only workaround I've found to that limitation.

giuseppe • Nov 01 '19 11:11

You're right, my bad, I trusted the man page. I thought you could use NULL or AT_EMPTY_PATH, but looking at the kernel source there is no way.

Should this be mentioned somewhere then? Getting EROFS on a r/w mount is certainly surprising.

3XX0 • Nov 01 '19 18:11

We could probably add a test when fuse-overlayfs starts, and if there is an upperdir directory specified then we also check that /proc/self/fd/X can be opened with O_WRONLY. What do you think? It can give a more helpful error and inform the user that /proc must be present and writeable.

giuseppe • Nov 01 '19 20:11

Yeah, that's a good idea. It doesn't have to be fatal; a warning could be enough.

3XX0 • Nov 01 '19 22:11

and finally opened a PR: https://github.com/containers/fuse-overlayfs/pull/372

giuseppe • Aug 24 '22 13:08
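
An added example, not fuse-overlayfs code and not the code from the linked PR: one way to implement the non-fatal startup warning discussed in this thread. It inspects the mount flags of /proc with statfs/statvfs instead of the O_WRONLY open suggested above; the function names and the `have_upperdir` parameter are assumptions.

```c
#include <stdio.h>
#include <sys/statvfs.h>   /* statvfs(), ST_RDONLY */
#include <sys/vfs.h>       /* statfs() */

#ifndef PROC_SUPER_MAGIC
#define PROC_SUPER_MAGIC 0x9fa0   /* value from <linux/magic.h> */
#endif

enum proc_state { PROC_WRITABLE, PROC_MISSING, PROC_NOT_PROCFS, PROC_READONLY };

/* Classify the filesystem mounted at `path` (normally "/proc"). */
static enum proc_state proc_mount_state(const char *path)
{
    struct statfs sfs;
    struct statvfs svfs;

    if (statfs(path, &sfs) < 0)
        return PROC_MISSING;              /* not mounted or not reachable */
    if (sfs.f_type != PROC_SUPER_MAGIC)
        return PROC_NOT_PROCFS;           /* something else lives at that path */
    if (statvfs(path, &svfs) < 0)
        return PROC_MISSING;
    return (svfs.f_flag & ST_RDONLY) ? PROC_READONLY : PROC_WRITABLE;
}

/* Hypothetical startup hook: only relevant when an upperdir is configured,
 * because a lower-only mount never performs setattr on the backing files.
 * Returns 1 if a warning was printed, 0 otherwise; never aborts. */
static int warn_if_proc_unusable(const char *path, int have_upperdir)
{
    static const char *const why[] = {
        [PROC_MISSING]    = "is not mounted",
        [PROC_NOT_PROCFS] = "is not a procfs mount",
        [PROC_READONLY]   = "is mounted read-only",
    };
    enum proc_state st;

    if (!have_upperdir || (st = proc_mount_state(path)) == PROC_WRITABLE)
        return 0;
    fprintf(stderr, "warning: %s %s; setattr on symlinks goes through "
            "%s/self/fd and may fail (EROFS on a read-only /proc)\n",
            path, why[st], path);
    return 1;
}

int main(void)
{
    warn_if_proc_unusable("/proc", 1);    /* warn, but keep starting up */
    return 0;
}
```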