Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

canUseShifting can segfault #932

Merged
merged 1 commit into from
Jun 9, 2021
Merged

canUseShifting can segfault #932

merged 1 commit into from
Jun 9, 2021

Conversation

rhatdan
Copy link
Member

@rhatdan rhatdan commented Jun 2, 2021

Fixes: containers/podman#10535

Signed-off-by: Daniel J Walsh [email protected]

@rhatdan
Copy link
Member Author

rhatdan commented Jun 2, 2021

@giuseppe @edsantiago PTAL

@edsantiago
Copy link
Member

LGTM, in principle, but do you have any idea what could've led to s.graphDriver being uninitialized in this particular instance?

@rhatdan
Copy link
Member Author

rhatdan commented Jun 2, 2021

No idea, @giuseppe needs to look at this, This change just makes it safer.

@giuseppe
Copy link
Member

giuseppe commented Jun 3, 2021

what do you think if we just move the check later in mount() where we are sure s.graph is not nil?

diff --git a/store.go b/store.go
index 759407c63..8331fafde 100644
--- a/store.go
+++ b/store.go
@@ -2666,6 +2666,10 @@ func (s *store) mount(id string, options drivers.MountOpts) (string, error) {
                s.lastLoaded = time.Now()
        }
 
+       if options.UidMaps != nil || options.GidMaps != nil {
+               options.DisableShifting = !s.canUseShifting(options.UidMaps, options.GidMaps)
+       }
+
        if rlstore.Exists(id) {
                return rlstore.Mount(id, options)
        }
@@ -2706,7 +2710,6 @@ func (s *store) Mount(id, mountLabel string) (string, error) {
                                options.Volatile = v.(bool)
                        }
                }
-               options.DisableShifting = !s.canUseShifting(container.UIDMap, container.GIDMap)
        }
        return s.mount(id, options)
 }

Otherwise we may end up using shifting even if the driver doesn't support it

@rhatdan
Copy link
Member Author

rhatdan commented Jun 4, 2021

@giuseppe Looking at this, I am not sure this should be handled at the store level at all. I think we should just remove this and do it at the driver level. Is it your intention to allow users in their storage.conf to specify to disable shifting?

@giuseppe
Copy link
Member

giuseppe commented Jun 4, 2021

@giuseppe Looking at this, I am not sure this should be handled at the store level at all. I think we should just remove this and do it at the driver level. Is it your intention to allow users in their storage.conf to specify to disable shifting?

I think the store needs to know when shifting is supported by the underlying driver. When it is not supported it needs to create a copy of the image with the shifted IDs.

@rhatdan
Copy link
Member Author

rhatdan commented Jun 8, 2021

@giuseppe PTAL

Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rhatdan
Copy link
Member Author

rhatdan commented Jun 9, 2021

@saschagrunert @vrothberg PTAL

Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vrothberg vrothberg merged commit 38ac468 into containers:master Jun 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

podman build --jobs 4(?) : panic: runtime error: invalid memory address or nil pointer dereference
4 participants