On Wed, Jul 17, 2024 at 6:37 PM Daire Byrne <daire@xxxxxxxx> wrote:
>
> On Fri, 12 Jul 2024 at 00:30, Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> >
> >
> > One more thing that could help said service is if overlayfs
> > supported a hybrid mode of redirect_dir=follow,metacopy=on,
> > where redirect is enabled for regular files for metacopy, but NOT
> > enabled for directories (which was redirect_dir original use case).
> >
> > This way, the service could run the command line:
> > $ mv /ovl/blah/thing /ovl/local
> > then "mv" will get EXDEV for moving directories and will create
> > opaque directories in their place and it will recursively move all
> > the files to the opaque directories.
> >
> > Actually, current code does not even check for redirect_dir=on
> > (i.e. in ovl_can_move()) before setting redirect xattr on regular
> > metacopy files.
> >
> > So as far as I can tell, the following UNTESTED patch might
> > be acceptable, so you can try it out if you like if you think this
> > will help you implement to suggestions above:
> >
> > --- a/fs/overlayfs/params.c
> > +++ b/fs/overlayfs/params.c
> > @@ -824,15 +824,9 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
> > config->metacopy = true;
> > }
> >
> > - /*
> > - * This is to make the logic below simpler. It doesn't make any other
> > - * difference, since redirect_dir=on is only used for upper.
> > - */
> > - if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
> > - config->redirect_mode = OVL_REDIRECT_ON;
> > -
> > /* Resolve verity -> metacopy -> redirect_dir dependency */
> > - if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
> > + if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON &&
> > + config->redirect_mode != OVL_REDIRECT_FOLLOW) {
> > if (set.metacopy && set.redirect) {
> > pr_err("conflicting options:
> > metacopy=on,redirect_dir=%s\n",
> > ovl_redirect_mode(config));
> > --
> >
> > Apologies in advance if this idea is flawed.
>
> I finally got around to testing this out
> (metacopy=on,redirect_dir=follow). I had to munge it slightly for
> v6.3.7 (because that's what I had quickly to hand on this
> workstation).
>
> So then I did something like:
>
> mkdir /ovl/lib (makes new opaque dir)
> mv /ovl/blah/thing/version/lib/* /ovl/lib/
> rm -rf /ovl/blah/thing/version/lib
> mv /ovl/lib /ovl/blah/thing/version/lib
>
> With this I get an opaque lib dir and new (non-opaque) dirs below with
> all files containing xattr redirects to the lower level files.
>
> One issue I came across is that it was failing to "mv" symlinks:
>
> mv: cannot move '/ovl/blah/thing/version/lib/libpcre.so' to
> '/ovl/lib/libpcre.so': No such device or address
> mv: cannot move '/ovl/blah/thing/version/lib/libpcre.so.1' to
> '/ovl/lib/libpcre.so.1': No such device or address
>
Not sure. You'll need to debug the problem.
> Where the lib in the same dir they point to was "moved" just fine.
> Again, I can't be certain that my munge of the patch for v6.3.7 isn't
> at fault.
>
> Apart from that, clearly this is a much faster way to build a metadata
> overlay with a root opaque directory in the way that I wanted
> (localising all library dirs and associated lookups).
>
> One doubt, I only need an opaque directory at the top (lib) and then
> everything in the tree below will always come from the upper overlay
> right? So lib/stuff/python2 where lib is opaque and stuff and python2
> are just dirs that would normally be merged but for the opaque lib
> dir? I'm probably confusing myself a little at this point.
If we want to use accurate terminology, lib is not "opaque", but it is
a "pure upper". it only needs to be "opaque" if there is a lower dir
below it that needs to be hidden, so lib will become "opaque" when
you move it *back* into place above the former lower lib dir.
The story with stuff/python2 is - when they are moved into the
opaque lib, they are pure upper and not opaque, then when
lib is moved back, the whole tree just moves so stuff/python2
remain pure upper and not opaque.
Unless I missed something...
>
> I'm aware you can have the redirect on a dir below the lib directory
> to get back to the lower dir contents again. I'm just not sure when
> you are many dir levels down past the only opaque one.
>
With redirect_dir=follow, new dir redirects are not created when moving
directories. Only non-dir metacopy redirects are created.
Thanks,
Amir.
