mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/daemon
Akihiro Suda 8088859bab
btrfs: Allow unprivileged user to delete subvolumes (kernel >= 4.18)
Fix issue 41762

Cherry-pick "drivers: btrfs: Allow unprivileged user to delete subvolumes" from containers/storage
831e32b6bd

> In btrfs, subvolume can be deleted by IOC_SNAP_DESTROY ioctl but there
> is one catch: unprivileged IOC_SNAP_DESTROY call is restricted by default.
>
> This is because IOC_SNAP_DESTROY only performs permission checks on
> the top directory(subvolume) and unprivileged user might delete dirs/files
> which cannot be deleted otherwise. This restriction can be relaxed if
> user_subvol_rm_allowed mount option is used.
>
> Although the above ioctl had been the only way to delete a subvolume,
> btrfs now allows deletion of subvolume just like regular directory
> (i.e. rmdir syscall) since kernel 4.18.
>
> So if we fail to clean up subvolume in subvolDelete(), just fall back to
> system.EnsureRmoveall() to try to clean up subvolumes again.
> (Note: quota needs privilege, so if quota is enabled we do not fall back)
>
> This fix will allow non-privileged containers to work with the btrfs backend.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 62b5194f62)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-06 14:45:01 +09:00
..
cluster Fix jobs mode filter spelling 2020-12-15 14:45:05 -06:00
config Added ip6tables config option 2020-11-05 16:18:23 +01:00
discovery
events
exec
graphdriver btrfs: Allow unprivileged user to delete subvolumes (kernel >= 4.18) 2021-04-06 14:45:01 +09:00
images Merge pull request #42045 from cpuguy83/20.10_fallback_manifest_on_bad_plat 2021-02-18 21:37:34 +01:00
initlayer
links
listeners daemon/listeners: use pkg/errors 2020-09-14 14:50:54 +02:00
logger jsonfile: more defensive reader implementation 2021-03-19 18:18:55 +01:00
names
network Move HostGatewayName const to opts, and change vars to consts 2020-10-30 21:17:34 +01:00
stats daemon/stats: use const for clockTicksPerSecond 2020-07-08 14:22:04 +02:00
testdata
apparmor_default.go buildkit: Apply apparmor profile 2021-01-28 21:33:12 +00:00
apparmor_default_unsupported.go buildkit: Apply apparmor profile 2021-01-28 21:33:12 +00:00
archive.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
archive_tarcopyoptions.go
archive_tarcopyoptions_unix.go
archive_tarcopyoptions_windows.go
archive_unix.go
archive_windows.go
attach.go Replace errors.Cause() with errors.Is() / errors.As() 2020-04-29 00:28:41 +02:00
auth.go
changes.go
checkpoint.go
cluster.go
commit.go
configs.go
configs_linux.go
configs_unsupported.go
configs_windows.go
container.go Replace service "Capabilities" w/ add/drop API 2020-07-27 10:09:42 -07:00
container_linux.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
container_operations.go Move HostGatewayName const to opts, and change vars to consts 2020-10-30 21:17:34 +01:00
container_operations_unix.go Use real root with 0701 perms 2021-01-26 17:23:32 +00:00
container_operations_windows.go
container_unix_test.go
container_windows.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
content.go Store image manifests in containerd content store 2020-11-05 20:02:18 +00:00
create.go Move cpu variant checks into platform matcher 2021-02-18 20:12:07 +00:00
create_test.go
create_unix.go
create_windows.go
daemon.go Add shim config for custom runtimes for plugins 2021-02-17 21:20:03 +01:00
daemon_linux.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
daemon_linux_test.go Really switch to moby/sys/mount* 2020-03-20 09:46:25 -07:00
daemon_test.go Replace errors.Cause() with errors.Is() / errors.As() 2020-04-29 00:28:41 +02:00
daemon_unix.go Fix Error in daemon_unix.go and docker_cli_run_unit_test.go 2021-02-17 21:17:28 +01:00
daemon_unix_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
daemon_unsupported.go cgroup2: implement docker info 2020-04-17 07:20:01 +09:00
daemon_windows.go Do not call mount.RecursiveUnmount() on Windows 2020-10-29 23:00:16 +01:00
daemon_windows_test.go
debugtrap_unix.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
debugtrap_unsupported.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
debugtrap_windows.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
delete.go vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs 2020-12-24 00:47:16 +01:00
delete_test.go
dependency.go
devices_linux.go
disk_usage.go
errors.go
events.go
events_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
exec.go remove uses of deprecated pkg/term 2020-04-21 16:29:27 +02:00
exec_linux.go Simplify getUser() to use libcontainer built-in functionality 2020-09-09 13:25:59 +02:00
exec_linux_test.go
exec_windows.go
export.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
health.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
health_test.go
info.go Update documentation links 2021-02-25 21:54:39 +01:00
info_test.go
info_unix.go docker info: adjust warning strings for cgroup v2 2021-02-02 14:32:13 +09:00
info_unix_test.go
info_windows.go
inspect.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_linux.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_test.go
inspect_windows.go
keys.go
keys_unsupported.go
kill.go Wait for container exit before forcing handler 2020-08-11 21:33:59 +00:00
licensing.go
licensing_test.go
links.go
list.go Merge pull request #40725 from cpuguy83/check_img_platform 2020-05-21 11:33:27 -07:00
list_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
list_unix.go
list_windows.go
logdrivers_linux.go
logdrivers_windows.go
logs.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
logs_test.go
metrics.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
metrics_unix.go Do not require "experimental" for metrics API 2020-04-20 22:19:00 +02:00
metrics_unsupported.go
monitor.go handleContainerExit: put a timeout on containerd DeleteTask 2020-11-14 15:23:29 -08:00
mounts.go
names.go
network.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
network_windows.go
nvidia_linux.go
oci_linux.go rootless: bind mount: fix "operation not permitted" 2021-04-01 18:45:23 +09:00
oci_linux_test.go daemon/oci_linux_test: Skip privileged tests when non-root 2020-12-15 09:47:44 +07:00
oci_utils.go
oci_windows.go Replace service "Capabilities" w/ add/drop API 2020-07-27 10:09:42 -07:00
oci_windows_test.go
pause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
prune.go API: add "prune" events 2020-07-28 12:41:14 +02:00
reload.go
reload_test.go
reload_unix.go Fix lint error on sprintf call for runtime string 2020-07-09 15:41:44 -07:00
reload_windows.go
rename.go
resize.go
resize_test.go
restart.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
runtime_unix.go Add shim config for custom runtimes for plugins 2021-02-17 21:20:03 +01:00
runtime_windows.go Add shim config for custom runtimes for plugins 2021-02-17 21:20:03 +01:00
seccomp_disabled.go
seccomp_linux.go Simplify seccomp logic 2020-09-09 18:23:27 +01:00
seccomp_unsupported.go
secrets.go
secrets_linux.go
secrets_unsupported.go
secrets_windows.go
start.go Don't set image on containerd container. 2020-11-06 04:55:03 +00:00
start_unix.go Add shim config for custom runtimes for plugins 2021-02-17 21:20:03 +01:00
start_windows.go Configure shims from runtime config 2020-07-13 14:18:02 -07:00
stats.go Merge pull request #40478 from cpuguy83/dont-prime-the-stats 2020-04-16 20:57:06 +02:00
stats_collector.go
stats_unix.go
stats_windows.go
stop.go
top_unix.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
top_unix_test.go
top_windows.go
trustkey.go
trustkey_test.go
unpause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
update.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
update_linux.go
update_windows.go
util_test.go Configure shims from runtime config 2020-07-13 14:18:02 -07:00
volumes.go Fix status code for missing --volumes-from container 2020-06-29 13:28:14 +02:00
volumes_linux.go
volumes_linux_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unit_test.go
volumes_unix.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unix_test.go
volumes_windows.go
wait.go
workdir.go