agent: add io.katacontainers.fs-opt.overlay-rw option

This causes the overlay-fs driver to add the `upperdir` and `workdir` options to an overlay-fs mount so that the mount becomes writable using a discardable directory under the container id. Fixes: #7536 Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
2025-10-31 09:26:52 +00:00 · 2023-06-13 01:14:44 -03:00
parent 6163c35657
commit 6c867d9e86
2 changed files with 27 additions and 2 deletions
--- a/src/agent/src/mount.rs
+++ b/src/agent/src/mount.rs
@@ -340,8 +340,33 @@ pub async fn update_ephemeral_mounts(
 async fn overlayfs_storage_handler(
    logger: &Logger,
    storage: &Storage,
+    cid: Option<&str>,
    _sandbox: Arc<Mutex<Sandbox>>,
 ) -> Result<String> {
+    if storage
+        .options
+        .iter()
+        .any(|e| e == "io.katacontainers.fs-opt.overlay-rw")
+    {
+        let cid = cid.ok_or_else(|| anyhow!("No container id in rw overlay"))?;
+        let cpath = Path::new(crate::rpc::CONTAINER_BASE).join(cid);
+        let work = cpath.join("work");
+        let upper = cpath.join("upper");
+
+        fs::create_dir_all(&work).context("Creating overlay work directory")?;
+        fs::create_dir_all(&upper).context("Creating overlay upper directory")?;
+
+        let mut storage = storage.clone();
+        storage.fstype = "overlay".into();
+        storage
+            .options
+            .push(format!("upperdir={}", upper.to_string_lossy()));
+        storage
+            .options
+            .push(format!("workdir={}", work.to_string_lossy()));
+        return common_storage_handler(logger, &storage);
+    }
+
    common_storage_handler(logger, storage)
 }

@@ -869,7 +894,7 @@ pub async fn add_storages(
                ephemeral_storage_handler(&logger, &storage, sandbox.clone()).await
            }
            DRIVER_OVERLAYFS_TYPE => {
-                overlayfs_storage_handler(&logger, &storage, sandbox.clone()).await
+                overlayfs_storage_handler(&logger, &storage, cid.as_deref(), sandbox.clone()).await
            }
            DRIVER_MMIO_BLK_TYPE => {
                virtiommio_blk_storage_handler(&logger, &storage, sandbox.clone()).await
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@@ -84,7 +84,7 @@ use std::io::{BufRead, BufReader, Write};
 use std::os::unix::fs::FileExt;
 use std::path::PathBuf;

-const CONTAINER_BASE: &str = "/run/kata-containers";
+pub const CONTAINER_BASE: &str = "/run/kata-containers";
 const MODPROBE_PATH: &str = "/sbin/modprobe";

 /// the iptables seriers binaries could appear either in /sbin