Merge pull request systemd#4693 from poettering/nspawn-ephemeral

nspawn: support ephemeral boots from images

Author: keszybz

man/machinectl.xml

@@ -599,8 +599,8 @@
         <listitem><para>Clones a container or VM image. The arguments specify the name of the image to clone and the
         name of the newly cloned image. Note that plain directory container images are cloned into btrfs subvolume
         images with this command, if the underlying file system supports this.  Note that cloning a container or VM
-        image is optimized for btrfs file systems, and might not be efficient on others, due to file system
-        limitations.</para>
+        image is optimized for file systems that support copy-on-write, and might not be efficient on others, due to
+        file system limitations.</para>
 
         <para>Note that this command leaves host name, machine ID and
         all other settings that could identify the instance
@@ -910,7 +910,7 @@
     <filename>/var/lib/machines/</filename> to make them available for
     control with <command>machinectl</command>.</para>
 
-    <para>Note that many image operations are only supported,
+    <para>Note that some image operations are only supported,
     efficient or atomic on btrfs file systems. Due to this, if the
     <command>pull-tar</command>, <command>pull-raw</command>,
     <command>import-tar</command>, <command>import-raw</command> and

man/systemd-nspawn.xml

@@ -181,25 +181,15 @@
       <varlistentry>
         <term><option>--template=</option></term>
 
-        <listitem><para>Directory or <literal>btrfs</literal>
-        subvolume to use as template for the container's root
-        directory. If this is specified and the container's root
-        directory (as configured by <option>--directory=</option>)
-        does not yet exist it is created as <literal>btrfs</literal>
-        subvolume and populated from this template tree. Ideally, the
-        specified template path refers to the root of a
-        <literal>btrfs</literal> subvolume, in which case a simple
-        copy-on-write snapshot is taken, and populating the root
-        directory is instant. If the specified template path does not
-        refer to the root of a <literal>btrfs</literal> subvolume (or
-        not even to a <literal>btrfs</literal> file system at all),
-        the tree is copied, which can be substantially more
-        time-consuming. Note that if this option is used the
-        container's root directory (in contrast to the template
-        directory!) must be located on a <literal>btrfs</literal> file
-        system, so that the <literal>btrfs</literal> subvolume may be
-        created. May not be specified together with
-        <option>--image=</option> or
+        <listitem><para>Directory or <literal>btrfs</literal> subvolume to use as template for the container's root
+        directory. If this is specified and the container's root directory (as configured by
+        <option>--directory=</option>) does not yet exist it is created as <literal>btrfs</literal> snapshot (if
+        supported) or plain directory (otherwise) and populated from this template tree. Ideally, the specified
+        template path refers to the root of a <literal>btrfs</literal> subvolume, in which case a simple copy-on-write
+        snapshot is taken, and populating the root directory is instant. If the specified template path does not refer
+        to the root of a <literal>btrfs</literal> subvolume (or not even to a <literal>btrfs</literal> file system at
+        all), the tree is copied (though possibly in a copy-on-write scheme — if the file system supports that), which
+        can be substantially more time-consuming. May not be specified together with <option>--image=</option> or
         <option>--ephemeral</option>.</para>
 
         <para>Note that this switch leaves host name, machine ID and
@@ -211,13 +201,8 @@
         <term><option>-x</option></term>
         <term><option>--ephemeral</option></term>
 
-        <listitem><para>If specified, the container is run with a
-        temporary <literal>btrfs</literal> snapshot of its root
-        directory (as configured with <option>--directory=</option>),
-        that is removed immediately when the container terminates.
-        This option is only supported if the root file system is
-        <literal>btrfs</literal>. May not be specified together with
-        <option>--image=</option> or
+        <listitem><para>If specified, the container is run with a temporary snapshot of its file system that is removed
+        immediately when the container terminates. May not be specified together with
         <option>--template=</option>.</para>
         <para>Note that this switch leaves host name, machine ID and
         all other settings that could identify the instance
@@ -252,11 +237,12 @@
           Partitions Specification</ulink>.</para></listitem>
         </itemizedlist>
 
-        <para>Any other partitions, such as foreign partitions, swap
-        partitions or EFI system partitions are not mounted. May not
-        be specified together with <option>--directory=</option>,
-        <option>--template=</option> or
-        <option>--ephemeral</option>.</para></listitem>
+        <para>On GPT images, if an EFI System Partition (ESP) is discovered, it is automatically mounted to
+        <filename>/efi</filename> (or <filename>/boot</filename> as fallback) in case a directory by this name exists
+        and is empty.</para>
+
+        <para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified
+        together with <option>--directory=</option>, <option>--template=</option>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -1056,14 +1042,12 @@
     </example>
 
     <example>
-      <title>Boot into an ephemeral <literal>btrfs</literal> snapshot of the host system</title>
+      <title>Boot into an ephemeral snapshot of the host system</title>
 
       <programlisting># systemd-nspawn -D / -xb</programlisting>
 
-      <para>This runs a copy of the host system in a
-      <literal>btrfs</literal> snapshot which is removed immediately
-      when the container exits. All file system changes made during
-      runtime will be lost on shutdown, hence.</para>
+      <para>This runs a copy of the host system in a snapshot which is removed immediately when the container
+      exits. All file system changes made during runtime will be lost on shutdown, hence.</para>
     </example>
 
     <example>

src/basic/btrfs-util.c

@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
+#include <linux/fs.h>
 #include <linux/loop.h>
 #include <stddef.h>
 #include <stdio.h>
@@ -38,13 +39,15 @@
 #include "alloc-util.h"
 #include "btrfs-ctree.h"
 #include "btrfs-util.h"
+#include "chattr-util.h"
 #include "copy.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
 #include "macro.h"
 #include "missing.h"
 #include "path-util.h"
+#include "rm-rf.h"
 #include "selinux-util.h"
 #include "smack-util.h"
 #include "sparse-endian.h"
@@ -1718,28 +1721,46 @@ int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlag
         if (r < 0)
                 return r;
         if (r == 0) {
+                bool plain_directory = false;
+
+                /* If the source isn't a proper subvolume, fail unless fallback is requested */
                 if (!(flags & BTRFS_SNAPSHOT_FALLBACK_COPY))
                         return -EISDIR;
 
                 r = btrfs_subvol_make(new_path);
-                if (r < 0)
+                if (r == -ENOTTY && (flags & BTRFS_SNAPSHOT_FALLBACK_DIRECTORY)) {
+                        /* If the destination doesn't support subvolumes, then use a plain directory, if that's requested. */
+                        if (mkdir(new_path, 0755) < 0)
+                                return r;
+
+                        plain_directory = true;
+                } else if (r < 0)
                         return r;
 
                 r = copy_directory_fd(old_fd, new_path, true);
-                if (r < 0) {
-                        (void) btrfs_subvol_remove(new_path, BTRFS_REMOVE_QUOTA);
-                        return r;
-                }
+                if (r < 0)
+                        goto fallback_fail;
 
                 if (flags & BTRFS_SNAPSHOT_READ_ONLY) {
-                        r = btrfs_subvol_set_read_only(new_path, true);
-                        if (r < 0) {
-                                (void) btrfs_subvol_remove(new_path, BTRFS_REMOVE_QUOTA);
-                                return r;
+
+                        if (plain_directory) {
+                                /* Plain directories have no recursive read-only flag, but something pretty close to
+                                 * it: the IMMUTABLE bit. Let's use this here, if this is requested. */
+
+                                if (flags & BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE)
+                                        (void) chattr_path(new_path, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL);
+                        } else {
+                                r = btrfs_subvol_set_read_only(new_path, true);
+                                if (r < 0)
+                                        goto fallback_fail;
                         }
                 }
 
                 return 0;
+
+        fallback_fail:
+                (void) rm_rf(new_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+                return r;
         }
 
         r = extract_subvolume_name(new_path, &subvolume);

src/basic/btrfs-util.h

@@ -45,10 +45,12 @@ typedef struct BtrfsQuotaInfo {
 } BtrfsQuotaInfo;
 
 typedef enum BtrfsSnapshotFlags {
-        BTRFS_SNAPSHOT_FALLBACK_COPY = 1,
+        BTRFS_SNAPSHOT_FALLBACK_COPY = 1,        /* If the source isn't a subvolume, reflink everything */
         BTRFS_SNAPSHOT_READ_ONLY = 2,
         BTRFS_SNAPSHOT_RECURSIVE = 4,
         BTRFS_SNAPSHOT_QUOTA = 8,
+        BTRFS_SNAPSHOT_FALLBACK_DIRECTORY = 16,  /* If the destination doesn't support subvolumes, reflink/copy instead */
+        BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE = 32,  /* When we can't create a subvolume, use the FS_IMMUTABLE attribute for indicating read-only */
 } BtrfsSnapshotFlags;
 
 typedef enum BtrfsRemoveFlags {

src/basic/missing.h

@@ -143,6 +143,10 @@
 #define GRND_RANDOM 0x0002
 #endif
 
+#ifndef FS_NOCOW_FL
+#define FS_NOCOW_FL 0x00800000
+#endif
+
 #ifndef BTRFS_IOCTL_MAGIC
 #define BTRFS_IOCTL_MAGIC 0x94
 #endif

src/import/pull-common.c

@@ -144,12 +144,12 @@ int pull_make_local_copy(const char *final, const char *image_root, const char *
         if (force_local)
                 (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
 
-        r = btrfs_subvol_snapshot(final, p, BTRFS_SNAPSHOT_QUOTA);
-        if (r == -ENOTTY) {
-                r = copy_tree(final, p, false);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to copy image: %m");
-        } else if (r < 0)
+        r = btrfs_subvol_snapshot(final, p,
+                                  BTRFS_SNAPSHOT_QUOTA|
+                                  BTRFS_SNAPSHOT_FALLBACK_COPY|
+                                  BTRFS_SNAPSHOT_FALLBACK_DIRECTORY|
+                                  BTRFS_SNAPSHOT_RECURSIVE);
+        if (r < 0)
                 return log_error_errno(r, "Failed to create local image: %m");
 
         log_info("Created new local image '%s'.", local);

src/nspawn/nspawn-mount.c

@@ -298,7 +298,7 @@ int mount_sysfs(const char *dest, MountSettingsMask mount_settings) {
                              MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT|extra_flags, NULL);
 }
 
-static int mkdir_userns(const char *path, mode_t mode, bool in_userns, uid_t uid_shift) {
+static int mkdir_userns(const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) {
         int r;
 
         assert(path);
@@ -307,16 +307,20 @@ static int mkdir_userns(const char *path, mode_t mode, bool in_userns, uid_t uid
         if (r < 0 && errno != EEXIST)
                 return -errno;
 
-        if (!in_userns) {
-                r = lchown(path, uid_shift, uid_shift);
-                if (r < 0)
-                        return -errno;
-        }
+        if ((mask & MOUNT_USE_USERNS) == 0)
+                return 0;
+
+        if (mask & MOUNT_IN_USERNS)
+                return 0;
+
+        r = lchown(path, uid_shift, uid_shift);
+        if (r < 0)
+                return -errno;
 
         return 0;
 }
 
-static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, bool in_userns, uid_t uid_shift) {
+static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, MountSettingsMask mask, uid_t uid_shift) {
         const char *p, *e;
         int r;
 
@@ -343,12 +347,12 @@ static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, boo
                 if (prefix && path_startswith(prefix, t))
                         continue;
 
-                r = mkdir_userns(t, mode, in_userns, uid_shift);
+                r = mkdir_userns(t, mode, mask, uid_shift);
                 if (r < 0)
                         return r;
         }
 
-        return mkdir_userns(path, mode, in_userns, uid_shift);
+        return mkdir_userns(path, mode, mask, uid_shift);
 }
 
 int mount_all(const char *dest,
@@ -422,7 +426,7 @@ int mount_all(const char *dest,
                 if (mount_table[k].what && r > 0)
                         continue;
 
-                r = mkdir_userns_p(dest, where, 0755, in_userns, uid_shift);
+                r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift);
                 if (r < 0 && r != -EEXIST) {
                         if (fatal)
                                 return log_error_errno(r, "Failed to create directory %s: %m", where);