[PATCH v2 0/2][Xenial SRU] Fix docker permission issues with the overlay2 storage driver

Seth Forshee seth.forshee at canonical.com
Tue Jan 31 22:55:29 UTC 2017


On Tue, Jan 31, 2017 at 08:14:25AM -0600, Seth Forshee wrote:
> On Tue, Jan 31, 2017 at 11:59:07AM +0100, Stefan Bader wrote:
> > On 30.01.2017 23:06, Seth Forshee wrote:
> > > BugLink: http://bugs.launchpad.net/bugs/1659417
> > > 
> > > Under some conditions docker users who use the overlay2 storage driver
> > > on xenial are seeing erroneous "permission denied" errors. This is
> > > caused by a bug in overlayfs which was fixed by two commits in 4.6. The
> > > following are backports of those patches to xenial.
> > > 
> > > Changes in v2: Fix locking
> > 
> > The set is dangerously confusing. The first patch which adds the helper has
> > little in common with what is (or better was since it got reverted) upstream
> 
> It looks different because __lookup_hash got removed at some point
> before the upstream commit. So the upstream change more or less
> reimplemented __lookup_hash as an exported interface and reflecting the
> changes to lookups that had transpired in the interim.
> 
> > and
> > the second change seems to have been re-done (probably with more dependencies in
> > c1b2cc1a765aff4df7b22abe6b66014236f73eba.
> 
> Re-done out of necessity due to underlying changes in dentry hashing.
> 
> > I wonder whether it would not be better to try backporting the final state of
> > this (if that does not end up being a huge mess) or at least combine the current
> > two into a SAUCE patch.
> 
> Not a huge mess I suspect, but it will probably still look fairly
> different from the upstream commit. Partly because the "mounter
> credentials" concept appeared as sauce in Ubuntu before it appeared
> upstream and looks a bit different, and partly because of the lookup
> changes that have transpired since 4.4.
> 
> So it ends up being another backport of the concept to match the
> implementation details of dentry lookup in 4.4. I'm not particularly
> picky about which backport we use to be honest, either should fix the
> bug.

So if I do a little bit of cleanup work first,
c1b2cc1a765aff4df7b22abe6b66014236f73eba becomes a pretty
straight-forward backport. Additionally the cleanup is a good
improvement, so I think this probably is the better way to go. I'll send
new patches.

Seth



