[PATCH 1/2] mount-copybind: fix shellcheck warning

[PATCH 1/2] mount-copybind: fix shellcheck warning

[luca.boccassi]

From: Luca Boccassi <bluca@debian.org>

$ shellcheck meta/recipes-core/volatile-binds/files/mount-copybind

In meta/recipes-core/volatile-binds/files/mount-copybind line 54:
            mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)"
                                                         ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
            mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"

For more information:
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
---
 meta/recipes-core/volatile-binds/files/mount-copybind | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
index aad022c6e4..8bbb406b3a 100755
--- a/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -48,7 +48,7 @@ if [ -d "$mountpoint" ]; then
     # If that fails, fall back to slower copy.
     if command -v selinuxenabled > /dev/null 2>&1; then
         if selinuxenabled; then
-            mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)"
+            mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"
         fi
     fi
     if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir""$mountcontext" "$mountpoint" > /dev/null 2>&1; then
-- 
2.34.1

[PATCH 2/2] mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS

[luca.boccassi]

From: Luca Boccassi <luca.boccassi@microsoft.com>

In some cases we don't want to even attempt to set up OverlayFS, for
example because SELinux in enforcing mode would kill the process
attempting to use the mount. See:

https://lore.kernel.org/all/CA+FmFJBDwt52Z-dVGfuUcnRMiMtGPhK4cCQJ=J_fg0r3x-b6ng@mail.gmail.com/T/#mef98aa406324096d1889d3d467251f30456f403c

If MOUNT_COPYBIND_AVOID_OVERLAYFS=1 is set, skip directly to copy and
bind mount.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
---
 meta/recipes-core/volatile-binds/files/mount-copybind | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
index 8bbb406b3a..ddc4357615 100755
--- a/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -2,6 +2,9 @@
 #
 # Perform a bind mount, copying existing files as we do so to ensure the
 # overlaid path has the necessary content.
+# If the target is a directory and overlayfs is available (and the environment
+# variable MOUNT_COPYBIND_AVOID_OVERLAYFS=1 is not set), then an overlay mount
+# will be attempted first.
 
 if [ $# -lt 2 ]; then
     echo >&2 "Usage: $0 spec mountpoint [OPTIONS]"
@@ -51,7 +54,7 @@ if [ -d "$mountpoint" ]; then
             mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"
         fi
     fi
-    if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir""$mountcontext" "$mountpoint" > /dev/null 2>&1; then
+    if [ "$MOUNT_COPYBIND_AVOID_OVERLAYFS" = 1 ] || ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir""$mountcontext" "$mountpoint" > /dev/null 2>&1; then
 
         if [ "$specdir_existed" != "yes" ]; then
             cp -aPR "$mountpoint"/. "$spec/"
-- 
2.34.1

Re: [OE-core] [PATCH 2/2] mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS

[Michael Opdenacker]

Hi Luca,

On 3/25/22 19:40, Luca Bocassi wrote:
> From: Luca Boccassi <luca.boccassi@microsoft.com>
>
> In some cases we don't want to even attempt to set up OverlayFS, for
> example because SELinux in enforcing mode would kill the process
> attempting to use the mount. See:
>
> https://lore.kernel.org/all/CA+FmFJBDwt52Z-dVGfuUcnRMiMtGPhK4cCQJ=J_fg0r3x-b6ng@mail.gmail.com/T/#mef98aa406324096d1889d3d467251f30456f403c
>
> If MOUNT_COPYBIND_AVOID_OVERLAYFS=1 is set, skip directly to copy and
> bind mount.
>
> Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>


Thanks for the patch!
Now that the patch is merged, would you mind proposing a patch to add a
description of it to the documentation? You'll probably do it better
than I would.

Thanks in advance
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [OE-core] [PATCH 2/2] mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS

[Luca Boccassi]

[-- Attachment #1: Type: text/plain, Size: 1011 bytes --]

On Mon, 2022-03-28 at 17:30 +0200, Michael Opdenacker wrote:
> Hi Luca,
> 
> On 3/25/22 19:40, Luca Bocassi wrote:
> > From: Luca Boccassi <luca.boccassi@microsoft.com>
> > 
> > In some cases we don't want to even attempt to set up OverlayFS, for
> > example because SELinux in enforcing mode would kill the process
> > attempting to use the mount. See:
> > 
> > https://lore.kernel.org/all/CA+FmFJBDwt52Z-dVGfuUcnRMiMtGPhK4cCQJ=J_fg0r3x-b6ng@mail.gmail.com/T/#mef98aa406324096d1889d3d467251f30456f403c
> > 
> > If MOUNT_COPYBIND_AVOID_OVERLAYFS=1 is set, skip directly to copy and
> > bind mount.
> > 
> > Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
> 
> 
> Thanks for the patch!
> Now that the patch is merged, would you mind proposing a patch to add a
> description of it to the documentation? You'll probably do it better
> than I would.
> 
> Thanks in advance
> Michael.

Sure I can do that, where should it be listed exactly?

-- 
Kind regards,
Luca Boccassi

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [OE-core] [PATCH 2/2] mount-copybind: add MOUNT_COPYBIND_AVOID_OVERLAYFS env var to skip OverlayFS

[Michael Opdenacker]

Hi Luca,

On 3/28/22 17:32, Luca Bocassi wrote:
>
>> Thanks for the patch!
>> Now that the patch is merged, would you mind proposing a patch to add a
>> description of it to the documentation? You'll probably do it better
>> than I would.
>>
>> Thanks in advance
>> Michael.
> Sure I can do that, where should it be listed exactly?


Great!
Well, I was thinking about adding an entry to
https://git.yoctoproject.org/yocto-docs/tree/documentation/ref-manual/variables.rst
corresponding to https://docs.yoctoproject.org/ref-manual/variables.html

However, I'm starting to have doubts as "volatile-binds" are not even
documented. Is this new variable meant to be used in the configuration
file? If so, it probably needs documenting, but it's nice when a
variable is either attached to a bbclass or is introduced in one of the
manuals too.

Ideas anyone?
Thanks again
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com