From 0cf00d1251ff276d5b9b7a0e4eadb783a45a6b65 Mon Sep 17 00:00:00 2001
From: "Gregory M. Kurtzer"
Date: Mon, 2 Jan 2017 20:44:39 +0000
Subject: [PATCH] Updates
---
src/lib/image/image.h | 10 +-
src/lib/image/mount/Makefile.am | 10 +-
.../{rootfs => image/mount}/dir/Makefile.am | 0
src/lib/{rootfs => image/mount}/dir/dir.c | 0
src/lib/{rootfs => image/mount}/dir/dir.h | 0
.../{rootfs => image/mount}/image/Makefile.am | 0
src/lib/{rootfs => image/mount}/image/image.c | 0
src/lib/{rootfs => image/mount}/image/image.h | 0
src/lib/image/mount/mount.c | 281 +++++++++++++++---
.../{rootfs/rootfs.h => image/mount/mount.h} | 0
.../mount}/squashfs/Makefile.am | 0
.../mount}/squashfs/squashfs.c | 0
.../mount}/squashfs/squashfs.h | 0
src/lib/rootfs/Makefile.am | 16 -
src/lib/rootfs/rootfs.c | 265 -----------------
15 files changed, 259 insertions(+), 323 deletions(-)
rename src/lib/{rootfs => image/mount}/dir/Makefile.am (100%)
rename src/lib/{rootfs => image/mount}/dir/dir.c (100%)
rename src/lib/{rootfs => image/mount}/dir/dir.h (100%)
rename src/lib/{rootfs => image/mount}/image/Makefile.am (100%)
rename src/lib/{rootfs => image/mount}/image/image.c (100%)
rename src/lib/{rootfs => image/mount}/image/image.h (100%)
rename src/lib/{rootfs/rootfs.h => image/mount/mount.h} (100%)
rename src/lib/{rootfs => image/mount}/squashfs/Makefile.am (100%)
rename src/lib/{rootfs => image/mount}/squashfs/squashfs.c (100%)
rename src/lib/{rootfs => image/mount}/squashfs/squashfs.h (100%)
delete mode 100644 src/lib/rootfs/Makefile.am
delete mode 100644 src/lib/rootfs/rootfs.c
diff --git a/src/lib/image/image.h b/src/lib/image/image.h
index 32b28947a4..b970f34567 100644
--- a/src/lib/image/image.h
+++ b/src/lib/image/image.h
@@ -27,19 +27,21 @@ extern char *singularity_image_tempdir(char *directory); // Attach the process to a given image extern int singularity_image_attach(char *path); -extern int singularity_image_attach_fd(); -extern FILE *singularity_image_attach_fp(); +extern int singularity_image_attach_fd(void); +extern FILE *singularity_image_attach_fp(void); extern int singularity_image_check(FILE *image_fp); extern int singularity_image_offset(FILE *image_fp); extern int singularity_image_bind(FILE *image_fp); -extern char *singularity_image_bind_dev(); +extern char *singularity_image_bind_dev(void); extern int singularity_image_create(char *image, unsigned int size); extern int singularity_image_expand(FILE *image_fp, unsigned int size); -extern int singularity_image_mount(char *mountpoint, unsigned int flags); +extern int singularity_image_mount(unsigned int flags); +extern int singularity_image_mount_overlayfs(void); +extern char *singularity_image_mount_path(void); #define SI_MOUNT_DEFAULTS 0 #define SI_MOUNT_RW 1 diff --git a/src/lib/image/mount/Makefile.am b/src/lib/image/mount/Makefile.am index 80da60e65f..0d12ba67e5 100644 --- a/src/lib/image/mount/Makefile.am +++ b/src/lib/image/mount/Makefile.am @@ -1,4 +1,6 @@ -MAINTAINERCLEANFILES = Makefile.in +SUBDIRS = dir image squashfs + +MAINTAINERCLEANFILES = Makefile.in DISTCLEANFILES = Makefile CLEANFILES = core.* *~ *.la @@ -6,5 +8,7 @@ AM_CFLAGS = -Wall -fpie AM_LDFLAGS = -pie AM_CPPFLAGS = -DSYSCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" -DLIBEXECDIR=\"$(libexecdir)\" $(SINGULARITY_DEFINES) $(NO_SETNS) -noinst_LTLIBRARIES = libimagemount.la -libimagemount_la_SOURCES = mount.c +noinst_LTLIBRARIES = libinternal.la +libinternal_la_SOURCES = mount.c + +EXTRA_DIST = mount.h diff --git a/src/lib/rootfs/dir/Makefile.am b/src/lib/image/mount/dir/Makefile.am similarity index 100% rename from src/lib/rootfs/dir/Makefile.am rename to src/lib/image/mount/dir/Makefile.am 
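Review bot: The new prototype `extern char *singularity_image_mount_path(void);` does not say who owns the returned string, and the implementation added to mount.c in this same patch returns a fresh `joinpath(mount_point, OVERLAY_FINAL)` on every call. If `joinpath` allocates, which the hunk does not show, every caller either leaks or has to free, so the header should carry a comment such as `// Returns a newly allocated path to the mounted container root; the caller frees it`. The `flags` argument of `singularity_image_mount(unsigned int flags)` has no counterpart in `_singularity_image_mount(void)`, which decides writability from `SINGULARITY_WRITABLE` instead, so the header should also state which `SI_MOUNT_*` values are actually honoured.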
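Review bot: `libinternal_la_SOURCES = mount.c` has no matching `libinternal_la_LIBADD`, although mount.c in this patch calls into the three directories just added to `SUBDIRS`. The removed `src/lib/rootfs/Makefile.am` pulled those objects in with `librootfs_la_LIBADD = image/librootfsimage.la dir/librootfsdir.la squashfs/librootfssquashfs.la`; the sub-directory Makefiles are renamed at 100% similarity, so they presumably still build those library names, and an equivalent `libinternal_la_LIBADD = image/librootfsimage.la dir/librootfsdir.la squashfs/librootfssquashfs.la` is needed here to avoid unresolved symbols at link time. Renaming the target from `libimagemount.la` also needs a matching change wherever it is linked, and no parent Makefile.am appears in the diffstat.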
diff --git a/src/lib/rootfs/dir/dir.c b/src/lib/image/mount/dir/dir.c
similarity index 100%
rename from src/lib/rootfs/dir/dir.c
rename to src/lib/image/mount/dir/dir.c
diff --git a/src/lib/rootfs/dir/dir.h b/src/lib/image/mount/dir/dir.h
similarity index 100%
rename from src/lib/rootfs/dir/dir.h
rename to src/lib/image/mount/dir/dir.h
diff --git a/src/lib/rootfs/image/Makefile.am b/src/lib/image/mount/image/Makefile.am
similarity index 100%
rename from src/lib/rootfs/image/Makefile.am
rename to src/lib/image/mount/image/Makefile.am
diff --git a/src/lib/rootfs/image/image.c b/src/lib/image/mount/image/image.c
similarity index 100%
rename from src/lib/rootfs/image/image.c
rename to src/lib/image/mount/image/image.c
diff --git a/src/lib/rootfs/image/image.h b/src/lib/image/mount/image/image.h
similarity index 100%
rename from src/lib/rootfs/image/image.h
rename to src/lib/image/mount/image/image.h
diff --git a/src/lib/image/mount/mount.c b/src/lib/image/mount/mount.c
index 2ee9b5ecd9..9268813d90 100644
--- a/src/lib/image/mount/mount.c
+++ b/src/lib/image/mount/mount.c
@@ -16,60 +16,271 @@ * to reproduce, distribute copies to the public, prepare derivative works, and * perform publicly and display publicly, and to permit other to do so. * - */ +*/ +#include +#include #include -#include -#include -#include +#include #include #include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include #include #include -#include "config.h" -#include "lib/config_parser.h" -#include "lib/singularity.h" #include "util/file.h" #include "util/util.h" +#include "lib/message.h" +#include "lib/config_parser.h" +#include "lib/privilege.h" + +#include "../image.h" + +#include "./image/image.h" +#include "./dir/dir.h" +#include "./squashfs/squashfs.h" + +#define ROOTFS_IMAGE 1 +#define ROOTFS_DIR 2 +#define ROOTFS_SQUASHFS 3 + +#define ROOTFS_SOURCE "/source" +#define OVERLAY_MOUNT "/overlay" +#define OVERLAY_UPPER "/overlay/upper" +#define OVERLAY_WORK "/overlay/work" +#define OVERLAY_FINAL "/final" + + +static int module = -1; +static int overlay_enabled = -1; +static char *mount_point = NULL; + +int _singularity_image_mount_overlayfs(void) { + return(overlay_enabled); +} + +char *_singularity_image_mount_path(void) { + return(joinpath(mount_point, OVERLAY_FINAL)); +} + +int _singularity_image_mount(void) { + char *rootfs_source = joinpath(mount_point, ROOTFS_SOURCE); + char *overlay_mount = joinpath(mount_point, OVERLAY_MOUNT); + char *overlay_upper = joinpath(mount_point, OVERLAY_UPPER); + char *overlay_work = joinpath(mount_point, OVERLAY_WORK); + char *overlay_final = joinpath(mount_point, OVERLAY_FINAL); + + singularity_message(DEBUG, "Checking on container source type\n"); -int singularity_image_mount(int argc, char ** argv) { - char *containerimage; + if ( _singularity_image_mount_image_check(source) == 0 ) { + module = ROOTFS_IMAGE; + } else if ( _singularity_image_mount_squashfs_check(source) == 0 ) { + module = ROOTFS_SQUASHFS; + } else if ( _singularity_image_mount_dir_check(source) == 0 
) { + module = ROOTFS_DIR; + } else { + singularity_message(ERROR, "Could not identify image format type: %s\n", source); + ABORT(255); + } + + singularity_message(DEBUG, "Checking 'container dir' mount location: %s\n", mount_point); + if ( is_dir(mount_point) < 0 ) { + singularity_priv_escalate(); + singularity_message(VERBOSE, "Creating container dir: %s\n", mount_point); + if ( s_mkpath(mount_point, 0755) < 0 ) { + singularity_message(ERROR, "Could not create directory: %s\n", mount_point); + ABORT(255); + } + singularity_priv_drop(); + } - if ( argv[1] == NULL ) { - fprintf(stderr, "USAGE: SINGULARITY_IMAGE=[image] %s [command...]\n", argv[0]); - return(1); + singularity_message(DEBUG, "Checking for rootfs_source directory: %s\n", rootfs_source); + if ( is_dir(rootfs_source) < 0 ) { + singularity_priv_escalate(); + singularity_message(VERBOSE, "Creating container destination dir: %s\n", rootfs_source); + if ( s_mkpath(rootfs_source, 0755) < 0 ) { + singularity_message(ERROR, "Could not create directory: %s\n", rootfs_source); + ABORT(255); + } + singularity_priv_drop(); } - singularity_message(VERBOSE, "Obtaining container name from environment variable\n"); - if ( ( containerimage = envar_path("SINGULARITY_IMAGE") ) == NULL ) { - singularity_message(ERROR, "SINGULARITY_IMAGE not defined!\n"); + singularity_message(DEBUG, "Checking for overlay_mount directory: %s\n", overlay_mount); + if ( is_dir(overlay_mount) < 0 ) { + singularity_priv_escalate(); + singularity_message(VERBOSE, "Creating container mount dir: %s\n", overlay_mount); + if ( s_mkpath(overlay_mount, 0755) < 0 ) { + singularity_message(ERROR, "Could not create directory: %s\n", overlay_mount); + ABORT(255); + } + singularity_priv_drop(); + } + + singularity_message(DEBUG, "Checking for overlay_final directory: %s\n", overlay_final); + if ( is_dir(overlay_final) < 0 ) { + singularity_priv_escalate(); + singularity_message(VERBOSE, "Creating overlay final dir: %s\n", overlay_final); + if ( 
s_mkpath(overlay_final, 0755) < 0 ) { + singularity_message(ERROR, "Could not create directory: %s\n", overlay_final); + ABORT(255); + } + singularity_priv_drop(); + } + + if ( module == ROOTFS_IMAGE ) { + if ( _singularity_image_mount_image_mount(source, joinpath(mount_point, ROOTFS_SOURCE)) < 0 ) { + singularity_message(ERROR, "Failed mounting image, aborting...\n"); + ABORT(255); + } + } else if ( module == ROOTFS_DIR ) { + if ( _singularity_image_mount_dir_mount(source, joinpath(mount_point, ROOTFS_SOURCE)) < 0 ) { + singularity_message(ERROR, "Failed mounting directory, aborting...\n"); + ABORT(255); + } + } else if ( module == ROOTFS_SQUASHFS ) { + if ( _singularity_image_mount_squashfs_mount(source, joinpath(mount_point, ROOTFS_SOURCE)) < 0 ) { + singularity_message(ERROR, "Failed mounting SquashFS, aborting...\n"); + ABORT(255); + } + } else { + singularity_message(ERROR, "Internal error, no rootfs type defined\n"); ABORT(255); } - singularity_priv_init(); - singularity_config_init(joinpath(SYSCONFDIR, "/singularity/singularity.conf")); - singularity_sessiondir_init(containerimage); - singularity_ns_user_unshare(); - singularity_ns_mnt_unshare(); + if ( singularity_config_get_bool(ENABLE_OVERLAY) <= 0 ) { + singularity_message(VERBOSE3, "Not enabling overlayFS via configuration\n"); + } else if ( envar_defined("SINGULARITY_DISABLE_OVERLAYFS") == TRUE ) { + singularity_message(VERBOSE3, "Not enabling overlayFS via environment\n"); + } else if ( envar_defined("SINGULARITY_WRITABLE") == TRUE ) { + singularity_message(VERBOSE3, "Not enabling overlayFS, image mounted writablable\n"); + } else { +#ifdef SINGULARITY_OVERLAYFS + int overlay_options_len = strlength(rootfs_source, PATH_MAX) + strlength(overlay_upper, PATH_MAX) + strlength(overlay_work, PATH_MAX) + 50; + char *overlay_options = (char *) malloc(overlay_options_len); - singularity_rootfs_init(containerimage); - singularity_rootfs_mount(); + singularity_message(DEBUG, "OverlayFS enabled by host 
build\n"); - free(containerimage); + snprintf(overlay_options, overlay_options_len, "lowerdir=%s,upperdir=%s,workdir=%s", rootfs_source, overlay_upper, overlay_work); // Flawfinder: ignore - singularity_message(VERBOSE, "Setting SINGULARITY_ROOTFS to '%s'\n", singularity_rootfs_dir()); - setenv("SINGULARITY_ROOTFS", singularity_rootfs_dir(), 1); + singularity_priv_escalate(); + singularity_message(DEBUG, "Mounting overlay tmpfs: %s\n", overlay_mount); + if ( mount("tmpfs", overlay_mount, "tmpfs", MS_NOSUID, "size=1m") < 0 ){ + singularity_message(ERROR, "Failed to mount overlay tmpfs %s: %s\n", overlay_mount, strerror(errno)); + ABORT(255); + } - //return(singularity_fork_exec(&argv[1])); //Will actually return 0 to indicated successful execution of function - return(0); //Returns 0, simage binary will handle running &argv[1] + singularity_message(DEBUG, "Creating upper overlay directory: %s\n", overlay_upper); + if ( s_mkpath(overlay_upper, 0755) < 0 ) { + singularity_message(ERROR, "Failed creating upper overlay directory %s: %s\n", overlay_upper, strerror(errno)); + ABORT(255); + } + + singularity_message(DEBUG, "Creating overlay work directory: %s\n", overlay_work); + if ( s_mkpath(overlay_work, 0755) < 0 ) { + singularity_message(ERROR, "Failed creating overlay work directory %s: %s\n", overlay_work, strerror(errno)); + ABORT(255); + } + + singularity_message(VERBOSE, "Mounting overlay with options: %s\n", overlay_options); + if ( mount("overlay", overlay_final, "overlay", MS_NOSUID, overlay_options) < 0 ){ + singularity_message(ERROR, "Could not create overlay: %s\n", strerror(errno)); + ABORT(255); + } + free(overlay_options); + singularity_priv_drop(); + + overlay_enabled = 1; +#else /* SINGULARITY_OVERLAYFS */ + singularity_message(VERBOSE, "OverlayFS not supported by host build\n"); +#endif /* SINGULARITY_OVERLAYFS */ + } + + if ( overlay_enabled != 1 ) { + singularity_priv_escalate(); + singularity_message(VERBOSE3, "Binding the ROOTFS_SOURCE to 
OVERLAY_FINAL (%s->%s)\n", joinpath(mount_point, ROOTFS_SOURCE), joinpath(mount_point, OVERLAY_FINAL)); + if ( mount(joinpath(mount_point, ROOTFS_SOURCE), joinpath(mount_point, OVERLAY_FINAL), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) { + singularity_message(ERROR, "There was an error binding the path %s: %s\n", joinpath(mount_point, ROOTFS_SOURCE), strerror(errno)); + ABORT(255); + } + singularity_priv_drop(); + } + + return(0); } + + +/* + +int singularity_rootfs_check(void) { + + singularity_message(DEBUG, "Checking if container has /bin/sh...\n"); + if ( ( is_exec(joinpath(joinpath(mount_point, OVERLAY_FINAL), "/bin/sh")) < 0 ) && ( is_link(joinpath(joinpath(mount_point, OVERLAY_FINAL), "/bin/sh")) < 0 ) ) { + singularity_message(ERROR, "Container does not have a valid /bin/sh\n"); + ABORT(255); + } + + return(0); +} + + +int singularity_rootfs_chroot(void) { + + singularity_priv_escalate(); + singularity_message(VERBOSE, "Entering container file system root: %s\n", joinpath(mount_point, OVERLAY_FINAL)); + if ( chroot(joinpath(mount_point, OVERLAY_FINAL)) < 0 ) { // Flawfinder: ignore (yep, yep, yep... we know!) 
+ singularity_message(ERROR, "failed enter container at: %s\n", joinpath(mount_point, OVERLAY_FINAL)); + ABORT(255); + } + singularity_priv_drop(); + + singularity_message(DEBUG, "Changing dir to '/' within the new root\n"); + if ( chdir("/") < 0 ) { + singularity_message(ERROR, "Could not chdir after chroot to /: %s\n", strerror(errno)); + ABORT(1); + } + + return(0); +} + + + +int singularity_rootfs_init(char *source) { + char *containername = basename(strdup(source)); + + singularity_message(DEBUG, "Checking on container source type\n"); + + if ( containername != NULL ) { + setenv("SINGULARITY_CONTAINER", containername, 1); + } else { + setenv("SINGULARITY_CONTAINER", "unknown", 1); + } + + singularity_message(DEBUG, "Figuring out where to mount Singularity container\n"); + + mount_point = strdup(singularity_config_get_value(CONTAINER_DIR)); + singularity_message(VERBOSE3, "Set image mount path to: %s\n", mount_point); + + if ( is_file(source) == 0 ) { + int len = strlength(source, PATH_MAX); + if ( strcmp(&source[len - 5], ".sqsh") == 0 ) { + module = ROOTFS_SQUASHFS; + return(rootfs_squashfs_init(source, joinpath(mount_point, ROOTFS_SOURCE))); + } else { // Assume it is a standard Singularity image + module = ROOTFS_IMAGE; + return(rootfs_image_init(source, joinpath(mount_point, ROOTFS_SOURCE))); + } + } else if ( is_dir(source) == 0 ) { + module = ROOTFS_DIR; + return(rootfs_dir_init(source, joinpath(mount_point, ROOTFS_SOURCE))); + } + + singularity_message(ERROR, "Container not found: %s\n", source); + ABORT(255); + return(-1); +} + + +*/ diff --git a/src/lib/rootfs/rootfs.h b/src/lib/image/mount/mount.h similarity index 100% rename from src/lib/rootfs/rootfs.h rename to src/lib/image/mount/mount.h diff --git a/src/lib/rootfs/squashfs/Makefile.am b/src/lib/image/mount/squashfs/Makefile.am similarity index 100% rename from src/lib/rootfs/squashfs/Makefile.am rename to src/lib/image/mount/squashfs/Makefile.am 
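Review bot: `_singularity_image_mount(void)` reads `source` in all three `_check(source)` calls and all three `_mount(source, …)` calls, but it takes no parameter and the only file-scope variables this hunk declares are `module`, `overlay_enabled` and `mount_point`, so the new code does not compile as shown unless a header supplies `source`. `mount_point` also stays `NULL`: its only assignment, `mount_point = strdup(singularity_config_get_value(CONTAINER_DIR));`, now lives in the commented-out `singularity_rootfs_init`, so every `joinpath(mount_point, …)` that feeds the escalated `s_mkpath()` and `mount()` calls starts from a null base. I would change the signature to `int _singularity_image_mount(char *source)` and set and NULL-check `mount_point` at the top of the function, before the first `joinpath`. In the overlay branch the `malloc` result should be checked before `snprintf` (`if ( overlay_options == NULL ) { singularity_message(ERROR, "Could not allocate overlay options\n"); ABORT(255); }`), since that buffer becomes the option string of a privileged `mount()`. The commented-out `singularity_rootfs_*` block at the end of the file is dead code and is better deleted than carried along.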
diff --git a/src/lib/rootfs/squashfs/squashfs.c b/src/lib/image/mount/squashfs/squashfs.c
similarity index 100%
rename from src/lib/rootfs/squashfs/squashfs.c
rename to src/lib/image/mount/squashfs/squashfs.c
diff --git a/src/lib/rootfs/squashfs/squashfs.h b/src/lib/image/mount/squashfs/squashfs.h
similarity index 100%
rename from src/lib/rootfs/squashfs/squashfs.h
rename to src/lib/image/mount/squashfs/squashfs.h
diff --git a/src/lib/rootfs/Makefile.am b/src/lib/rootfs/Makefile.am
deleted file mode 100644
index 4a7b04e881..0000000000
--- a/src/lib/rootfs/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-SUBDIRS = image dir squashfs
-
-MAINTAINERCLEANFILES = Makefile.in
-DISTCLEANFILES = Makefile
-CLEANFILES = core.* *~ *.la
-
-AM_CFLAGS = -Wall -fpie
-AM_LDFLAGS = -pie
-AM_CPPFLAGS = -DSYSCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" -DLIBEXECDIR=\"$(libexecdir)\" $(SINGULARITY_DEFINES) $(NO_SETNS)
-
-noinst_LTLIBRARIES = librootfs.la
-
-librootfs_la_LIBADD = image/librootfsimage.la dir/librootfsdir.la squashfs/librootfssquashfs.la
-librootfs_la_SOURCES = rootfs.c
-
-EXTRA_DIST = rootfs.h
diff --git a/src/lib/rootfs/rootfs.c b/src/lib/rootfs/rootfs.c
deleted file mode 100644
index 9b97416768..0000000000
--- a/src/lib/rootfs/rootfs.c
+++ /dev/null
@@ -1,265 +0,0 @@ -/* - * Copyright (c) 2015-2016, Gregory M. Kurtzer. All rights reserved. - * - * “Singularity” Copyright (c) 2016, The Regents of the University of California, - * through Lawrence Berkeley National Laboratory (subject to receipt of any - * required approvals from the U.S. Dept. of Energy). All rights reserved. - * - * This software is licensed under a customized 3-clause BSD license. Please - * consult LICENSE file distributed with the sources of this project regarding - * your rights to use or distribute this software. - * - * NOTICE. This Software was developed under funding from the U.S. Department of - * Energy and the U.S. Government consequently retains certain rights. As such, - * the U.S. Government has been granted for itself and others acting on its - * behalf a paid-up, nonexclusive, irrevocable, worldwide license in the Software - * to reproduce, distribute copies to the public, prepare derivative works, and - * perform publicly and display publicly, and to permit other to do so. 
- * -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "util/file.h" -#include "util/util.h" -#include "lib/message.h" -#include "lib/config_parser.h" -#include "lib/privilege.h" -#include "image/image.h" -#include "dir/dir.h" -#include "squashfs/squashfs.h" - -#define ROOTFS_IMAGE 1 -#define ROOTFS_DIR 2 -#define ROOTFS_SQUASHFS 3 - -#define ROOTFS_SOURCE "/source" -#define OVERLAY_MOUNT "/overlay" -#define OVERLAY_UPPER "/overlay/upper" -#define OVERLAY_WORK "/overlay/work" -#define OVERLAY_FINAL "/final" - - -static int module = 0; -static int overlay_enabled = 0; -static char *mount_point = NULL; - - -int singularity_rootfs_overlay_enabled(void) { - singularity_message(DEBUG, "Returning singularity_rootfs_overlay: %d\n", overlay_enabled); - return(overlay_enabled); -} - -char *singularity_rootfs_dir(void) { - singularity_message(DEBUG, "Returning singularity_rootfs_dir: %s\n", joinpath(mount_point, OVERLAY_FINAL)); - return(joinpath(mount_point, OVERLAY_FINAL)); -} - -int singularity_rootfs_init(char *source) { - char *containername = basename(strdup(source)); - - singularity_message(DEBUG, "Checking on container source type\n"); - - if ( containername != NULL ) { - setenv("SINGULARITY_CONTAINER", containername, 1); - } else { - setenv("SINGULARITY_CONTAINER", "unknown", 1); - } - - singularity_message(DEBUG, "Figuring out where to mount Singularity container\n"); - - mount_point = strdup(singularity_config_get_value(CONTAINER_DIR)); - singularity_message(VERBOSE3, "Set image mount path to: %s\n", mount_point); - - if ( is_file(source) == 0 ) { - int len = strlength(source, PATH_MAX); - if ( strcmp(&source[len - 5], ".sqsh") == 0 ) { - module = ROOTFS_SQUASHFS; - return(rootfs_squashfs_init(source, joinpath(mount_point, ROOTFS_SOURCE))); - } else { // Assume it is a standard Singularity image - module = ROOTFS_IMAGE; - return(rootfs_image_init(source, joinpath(mount_point, 
ROOTFS_SOURCE))); - } - } else if ( is_dir(source) == 0 ) { - module = ROOTFS_DIR; - return(rootfs_dir_init(source, joinpath(mount_point, ROOTFS_SOURCE))); - } - - singularity_message(ERROR, "Container not found: %s\n", source); - ABORT(255); - return(-1); -} - -int singularity_rootfs_mount(void) { - char *rootfs_source = joinpath(mount_point, ROOTFS_SOURCE); - char *overlay_mount = joinpath(mount_point, OVERLAY_MOUNT); - char *overlay_upper = joinpath(mount_point, OVERLAY_UPPER); - char *overlay_work = joinpath(mount_point, OVERLAY_WORK); - char *overlay_final = joinpath(mount_point, OVERLAY_FINAL); - - singularity_message(DEBUG, "Checking 'container dir' mount location: %s\n", mount_point); - if ( is_dir(mount_point) < 0 ) { - singularity_priv_escalate(); - singularity_message(VERBOSE, "Creating container dir: %s\n", mount_point); - if ( s_mkpath(mount_point, 0755) < 0 ) { - singularity_message(ERROR, "Could not create directory: %s\n", mount_point); - ABORT(255); - } - singularity_priv_drop(); - } - - singularity_message(DEBUG, "Checking for rootfs_source directory: %s\n", rootfs_source); - if ( is_dir(rootfs_source) < 0 ) { - singularity_priv_escalate(); - singularity_message(VERBOSE, "Creating container destination dir: %s\n", rootfs_source); - if ( s_mkpath(rootfs_source, 0755) < 0 ) { - singularity_message(ERROR, "Could not create directory: %s\n", rootfs_source); - ABORT(255); - } - singularity_priv_drop(); - } - - singularity_message(DEBUG, "Checking for overlay_mount directory: %s\n", overlay_mount); - if ( is_dir(overlay_mount) < 0 ) { - singularity_priv_escalate(); - singularity_message(VERBOSE, "Creating container mount dir: %s\n", overlay_mount); - if ( s_mkpath(overlay_mount, 0755) < 0 ) { - singularity_message(ERROR, "Could not create directory: %s\n", overlay_mount); - ABORT(255); - } - singularity_priv_drop(); - } - - singularity_message(DEBUG, "Checking for overlay_final directory: %s\n", overlay_final); - if ( is_dir(overlay_final) < 0 ) { - 
singularity_priv_escalate(); - singularity_message(VERBOSE, "Creating overlay final dir: %s\n", overlay_final); - if ( s_mkpath(overlay_final, 0755) < 0 ) { - singularity_message(ERROR, "Could not create directory: %s\n", overlay_final); - ABORT(255); - } - singularity_priv_drop(); - } - - if ( module == ROOTFS_IMAGE ) { - if ( rootfs_image_mount() < 0 ) { - singularity_message(ERROR, "Failed mounting image, aborting...\n"); - ABORT(255); - } - } else if ( module == ROOTFS_DIR ) { - if ( rootfs_dir_mount() < 0 ) { - singularity_message(ERROR, "Failed mounting directory, aborting...\n"); - ABORT(255); - } - } else if ( module == ROOTFS_SQUASHFS ) { - if ( rootfs_squashfs_mount() < 0 ) { - singularity_message(ERROR, "Failed mounting SquashFS, aborting...\n"); - ABORT(255); - } - } else { - singularity_message(ERROR, "Internal error, no rootfs type defined\n"); - ABORT(255); - } - - singularity_message(DEBUG, "OverlayFS enabled by host build\n"); - if ( singularity_config_get_bool(ENABLE_OVERLAY) <= 0 ) { - singularity_message(VERBOSE3, "Not enabling overlayFS via configuration\n"); - } else if ( envar_defined("SINGULARITY_DISABLE_OVERLAYFS") == TRUE ) { - singularity_message(VERBOSE3, "Not enabling overlayFS via environment\n"); - } else if ( envar_defined("SINGULARITY_WRITABLE") == TRUE ) { - singularity_message(VERBOSE3, "Not enabling overlayFS, image mounted writablable\n"); - } else { -#ifdef SINGULARITY_OVERLAYFS - int overlay_options_len = strlength(rootfs_source, PATH_MAX) + strlength(overlay_upper, PATH_MAX) + strlength(overlay_work, PATH_MAX) + 50; - char *overlay_options = (char *) malloc(overlay_options_len); - snprintf(overlay_options, overlay_options_len, "lowerdir=%s,upperdir=%s,workdir=%s", rootfs_source, overlay_upper, overlay_work); // Flawfinder: ignore - - singularity_priv_escalate(); - singularity_message(DEBUG, "Mounting overlay tmpfs: %s\n", overlay_mount); - if ( mount("tmpfs", overlay_mount, "tmpfs", MS_NOSUID, "size=1m") < 0 ){ - 
singularity_message(ERROR, "Failed to mount overlay tmpfs %s: %s\n", overlay_mount, strerror(errno)); - ABORT(255); - } - - singularity_message(DEBUG, "Creating upper overlay directory: %s\n", overlay_upper); - if ( s_mkpath(overlay_upper, 0755) < 0 ) { - singularity_message(ERROR, "Failed creating upper overlay directory %s: %s\n", overlay_upper, strerror(errno)); - ABORT(255); - } - - singularity_message(DEBUG, "Creating overlay work directory: %s\n", overlay_work); - if ( s_mkpath(overlay_work, 0755) < 0 ) { - singularity_message(ERROR, "Failed creating overlay work directory %s: %s\n", overlay_work, strerror(errno)); - ABORT(255); - } - - singularity_message(VERBOSE, "Mounting overlay with options: %s\n", overlay_options); - if ( mount("overlay", overlay_final, "overlay", MS_NOSUID, overlay_options) < 0 ){ - singularity_message(ERROR, "Could not create overlay: %s\n", strerror(errno)); - ABORT(255); - } - free(overlay_options); - singularity_priv_drop(); - - overlay_enabled = 1; -#else /* SINGULARITY_OVERLAYFS */ - singularity_message(WARNING, "OverlayFS not supported by host build\n"); -#endif /* SINGULARITY_OVERLAYFS */ - } - - if ( overlay_enabled != 1 ) { - singularity_priv_escalate(); - singularity_message(VERBOSE3, "Binding the ROOTFS_SOURCE to OVERLAY_FINAL (%s->%s)\n", joinpath(mount_point, ROOTFS_SOURCE), joinpath(mount_point, OVERLAY_FINAL)); - if ( mount(joinpath(mount_point, ROOTFS_SOURCE), joinpath(mount_point, OVERLAY_FINAL), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) { - singularity_message(ERROR, "There was an error binding the path %s: %s\n", joinpath(mount_point, ROOTFS_SOURCE), strerror(errno)); - ABORT(255); - } - singularity_priv_drop(); - } - - return(0); -} - -int singularity_rootfs_check(void) { - - singularity_message(DEBUG, "Checking if container has /bin/sh...\n"); - if ( ( is_exec(joinpath(joinpath(mount_point, OVERLAY_FINAL), "/bin/sh")) < 0 ) && ( is_link(joinpath(joinpath(mount_point, OVERLAY_FINAL), "/bin/sh")) < 0 ) ) { - 
singularity_message(ERROR, "Container does not have a valid /bin/sh\n"); - ABORT(255); - } - - return(0); -} - - -int singularity_rootfs_chroot(void) { - - singularity_priv_escalate(); - singularity_message(VERBOSE, "Entering container file system root: %s\n", joinpath(mount_point, OVERLAY_FINAL)); - if ( chroot(joinpath(mount_point, OVERLAY_FINAL)) < 0 ) { // Flawfinder: ignore (yep, yep, yep... we know!) - singularity_message(ERROR, "failed enter container at: %s\n", joinpath(mount_point, OVERLAY_FINAL)); - ABORT(255); - } - singularity_priv_drop(); - - singularity_message(DEBUG, "Changing dir to '/' within the new root\n"); - if ( chdir("/") < 0 ) { - singularity_message(ERROR, "Could not chdir after chroot to /: %s\n", strerror(errno)); - ABORT(1); - } - - return(0); -} - - -