moby--moby/daemon/graphdriver/btrfs
Akihiro Suda 8088859bab
btrfs: Allow unprivileged user to delete subvolumes (kernel >= 4.18)
Fix issue 41762

Cherry-pick "drivers: btrfs: Allow unprivileged user to delete subvolumes" from containers/storage
831e32b6bd

> In btrfs, subvolume can be deleted by IOC_SNAP_DESTROY ioctl but there
> is one catch: unprivileged IOC_SNAP_DESTROY call is restricted by default.
>
> This is because IOC_SNAP_DESTROY only performs permission checks on
> the top directory (subvolume) and an unprivileged user might delete dirs/files
> which cannot be deleted otherwise. This restriction can be relaxed if
> the user_subvol_rm_allowed mount option is used.
>
> Although the above ioctl had been the only way to delete a subvolume,
> btrfs now allows deletion of a subvolume just like a regular directory
> (i.e. rmdir syscall) since kernel 4.18.
>
> So if we fail to clean up a subvolume in subvolDelete(), just fall back to
> system.EnsureRemoveAll() to try to clean up subvolumes again.
> (Note: quota needs privilege, so if quota is enabled we do not fall back)
>
> This fix will allow non-privileged containers to work with the btrfs backend.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 62b5194f62)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-06 14:45:01 +09:00
btrfs.go btrfs: Allow unprivileged user to delete subvolumes (kernel >= 4.18) 2021-04-06 14:45:01 +09:00
btrfs_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
dummy_unsupported.go Add canonical import comment 2018-02-05 16:51:57 -05:00
version.go daemon: Remove btrfs_noversion build flag 2019-08-06 22:55:29 +00:00
version_test.go daemon: Remove btrfs_noversion build flag 2019-08-06 22:55:29 +00:00