runroot: add check that it is on volatile storage

Make sure the runroot won't persist after a reboot, if it happens then we can carry wrong information on the current active mounts. Closes: containers/podman#2150 Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe · Apr 24, 2019 · 20b8545 · 20b8545
1 parent f00b842
commit 20b8545
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 0 deletions.
diff --git a/errors.go b/errors.go
@@ -53,4 +53,6 @@ var (
 	ErrDigestUnknown = errors.New("could not compute digest of item")
 	// ErrLayerNotMounted is returned when the requested information can only be computed for a mounted layer, and the layer is not mounted.
 	ErrLayerNotMounted = errors.New("layer is not mounted")
+	// ErrTargetNotVolatile is returned when a path must be on volatile storage.
+	ErrTargetNotVolatile = errors.New("the target is not on tmpfs")
 )
diff --git a/pkg/mount/mountinfo_freebsd.go b/pkg/mount/mountinfo_freebsd.go
@@ -39,3 +39,8 @@ func parseMountTable() ([]*Info, error) {
 	}
 	return out, nil
 }
+
+// IsOnVolatileStorage returns whether the specified target is on tmpfs.
+func IsOnVolatileStorage(target string) (bool, error) {
+	return true, nil
+}
diff --git a/pkg/mount/mountinfo_linux.go b/pkg/mount/mountinfo_linux.go
@@ -7,7 +7,11 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"strings"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -26,6 +30,8 @@ const (
 	   (10) mount source:  filesystem specific information or "none"
 	   (11) super options:  per super block options*/
 	mountinfoFormat = "%d %d %d:%d %s %s %s %s"
+
+	TMPFS_MAGIC = 0x1021994
 )
 
 // Parse /proc/self/mountinfo because comparing Dev and ino does not work from
@@ -93,3 +99,20 @@ func PidMountInfo(pid int) ([]*Info, error) {
 
 	return parseInfoFile(f)
 }
+
+// IsOnVolatileStorage returns whether the specified target is on tmpfs.
+func IsOnVolatileStorage(target string) (bool, error) {
+	var fs unix.Statfs_t
+	// Make sure it's read-only.
+	for {
+		err := unix.Statfs(target, &fs)
+		if err == nil {
+			break
+		}
+		if !os.IsNotExist(err) {
+			return false, errors.Wrapf(err, "error statfs %s", target)
+		}
+		target = filepath.Dir(target)
+	}
+	return fs.Type == TMPFS_MAGIC, nil
+}
diff --git a/pkg/mount/mountinfo_solaris.go b/pkg/mount/mountinfo_solaris.go
@@ -35,3 +35,8 @@ func parseMountTable() ([]*Info, error) {
 	C.fclose(mnttab)
 	return out, nil
 }
+
+// IsOnVolatileStorage returns whether the specified target is on tmpfs.
+func IsOnVolatileStorage(target string) (bool, error) {
+	return true, nil
+}
diff --git a/pkg/mount/mountinfo_unsupported.go b/pkg/mount/mountinfo_unsupported.go
@@ -10,3 +10,8 @@ import (
 func parseMountTable() ([]*Info, error) {
 	return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
 }
+
+// IsOnVolatileStorage returns whether the specified target is on tmpfs.
+func IsOnVolatileStorage(target string) (bool, error) {
+	return true, nil
+}
diff --git a/pkg/mount/mountinfo_windows.go b/pkg/mount/mountinfo_windows.go
@@ -4,3 +4,8 @@ func parseMountTable() ([]*Info, error) {
 	// Do NOT return an error!
 	return nil, nil
 }
+
+// IsOnVolatileStorage returns whether the specified target is on tmpfs.
+func IsOnVolatileStorage(target string) (bool, error) {
+	return true, nil
+}
diff --git a/store.go b/store.go
@@ -22,6 +22,7 @@ import (
 	"github.com/containers/storage/pkg/directory"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/ioutils"
+	"github.com/containers/storage/pkg/mount"
 	"github.com/containers/storage/pkg/parsers"
 	"github.com/containers/storage/pkg/stringid"
 	"github.com/containers/storage/pkg/stringutils"
@@ -148,6 +149,9 @@ type StoreOptions struct {
 	// for use inside of a user namespace where UID mapping is being used.
 	UIDMap []idtools.IDMap `json:"uidmap,omitempty"`
 	GIDMap []idtools.IDMap `json:"gidmap,omitempty"`
+	// SkipRunRootCheck disables the check for the RunRoot to be on a volatile
+	// storage.
+	SkipRunRootCheck bool
 }
 
 // Store wraps up the various types of file-based stores that we use into a
@@ -535,6 +539,16 @@ type store struct {
 	digestLockRoot  string
 }
 
+func validateRunRoot(runRoot string) error {
+	if onTmpfs, err := mount.IsOnVolatileStorage(runRoot); err != nil || !onTmpfs {
+		if err != nil {
+			return errors.Wrapf(err, "cannot check if %s is on tmpfs", runRoot)
+		}
+		return errors.Wrapf(ErrTargetNotVolatile, "%s must be on tmpfs", runRoot)
+	}
+	return nil
+}
+
 // GetStore attempts to find an already-created Store object matching the
 // specified location and graph driver, and if it can't, it creates and
 // initializes a new Store object, and the underlying storage that it controls.
@@ -600,6 +614,12 @@ func GetStore(options StoreOptions) (Store, error) {
 		}
 	}
 
+	if !options.SkipRunRootCheck {
+		if err := validateRunRoot(options.RunRoot); err != nil {
+			return nil, err
+		}
+	}
+
 	graphLock, err := GetLockfile(filepath.Join(options.GraphRoot, "storage.lock"))
 	if err != nil {
 		return nil, err
@@ -3278,6 +3298,12 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
 		storeOptions.GraphDriverName = config.Storage.Driver
 	}
 	if config.Storage.RunRoot != "" {
+		if !storeOptions.SkipRunRootCheck {
+			if err := validateRunRoot(config.Storage.RunRoot); err != nil {
+				fmt.Printf("Failed to set runroot to %s %v\n", config.Storage.RunRoot, err.Error())
+				return
+			}
+		}
 		storeOptions.RunRoot = config.Storage.RunRoot
 	}
 	if config.Storage.GraphRoot != "" {