index mutation race condition

Open cyphar opened this issue 8 years ago • 0 comments

Due to the structure of v1.0.0-rc5-and-later images, any update to the index.json needs to be synchronised. We deal with the fundamental races by using rename(2) and temporary files, but because the new index.json needs to be updated with contents that are semantically based on the original, there are more complex races that can occur where changes made between a GetIndex and PutIndex are lost. Unforunately, it seems this might require some sort of transaction interface in oci/cas (which doesn't match the underlying structure).

flock(2) would be the internal solution for the dir driver, but I have to think about it some more.

Jul 17 '17 09:07 cyphar