[lxc/lxc] 1a2da7: Add support for squashfs images in oci via atomfs

Serge Hallyn

Feb 27, 2023, 2:58:01 PM
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 1a2da75b6e8431f3530ebd3f75442d3bd5eec5e2
https://github.com/lxc/lxc/commit/1a2da75b6e8431f3530ebd3f75442d3bd5eec5e2
Author: Scott Moser <smo...@brickies.net>
Date: 2023-02-27 (Mon, 27 Feb 2023)

Changed paths:
M templates/lxc-oci.in

Log Message:
-----------
Add support for squashfs images in oci via atomfs

This adds support to the oci template for squashfs images.
It uses 'atomfs' from [1] to accomplish this.

Squashfs images (media type
application/vnd.stacker.image.layer.squashfs+zstd+verity) have several
benefits compared to tar+gz:

* immediately mountable
* read-only filesystem
* verity data present in oci manifest.

I presented this at Fosdem 2023 at [2].

The 'atomfs' program can be replaced by passing '--mount-helper'
argument to the oci template.

    mount-helper mount oci:<oci_dir>:<oci_name> <mountpoint>
    mount-helper umount <mountpoint>

[1] https://github.com/project-machine/atomfs
[2] https://fosdem.org/2023/schedule/event/container_secure_storage/

Signed-off-by: Scott Moser <smo...@brickies.net>


Commit: 4ea0b361f1d0c7ce67523a59a7a834eb12f7b555
https://github.com/lxc/lxc/commit/4ea0b361f1d0c7ce67523a59a7a834eb12f7b555
Author: Scott Moser <smo...@brickies.net>
Date: 2023-02-27 (Mon, 27 Feb 2023)

Changed paths:
M config/apparmor/abstractions/start-container.in

Log Message:
-----------
Allow fuse mounts in apparmor start-container.

Unprivileged user should be able to do fuse mounts during start-container.
Specifically this solves the problem for un-priv fuse mounting via
pre-hook.

Signed-off-by: Scott Moser <smo...@brickies.net>


Commit: 838221c11152d57c456a9d9440d0776a6849ba5c
https://github.com/lxc/lxc/commit/838221c11152d57c456a9d9440d0776a6849ba5c
Author: Serge Hallyn <se...@hallyn.com>
Date: 2023-02-27 (Mon, 27 Feb 2023)

Changed paths:
M config/apparmor/abstractions/start-container.in
M templates/lxc-oci.in

Log Message:
-----------
Merge pull request #4281 from smoser/feature/oci-squashfs

Add support for squashfs images in oci via atomfs


Compare: https://github.com/lxc/lxc/compare/71f7e788d9f4...838221c11152