Commit f5f52434 authored by Kirill Smelkov

trun: Require FUSE to be working inside user-namespaces to activate them

FUSE is needed for wendelin.core, and if we don't check that FUSE works
inside and activate user namespaces on e.g. Linux 4.9 kernel,
wendelin.core will fail to function. Since today wendelin.core is
included into ERP5 as its base component(*) it is practical to require
FUSE-in-userns support unconditionally.

FUSE in user-namespaces started to work in Linux 4.18(+). Detect if it
should work inside via checking whether running kernel is newer. I
chose this way for simplicity not to unroll test filesystem to try to
mount inside and also not to slow down startup time.

(*) see nexedi/slapos!874
(+) see https://git.kernel.org/linus/da315f6e0398 and https://git.kernel.org/linus/8cb08329b080.

/reviewed-by @jerome
/reviewed-on nexedi/nxdtest!13
parent ef41d960
......@@ -38,7 +38,7 @@ import prctl
# userns_available detects if user-namespaces and necessary features are provided by OS kernel.
def userns_available(): # -> (yes|no, {details})
have = {"userns": False}
have = {"userns": False, "userns/fuse": False}
try:
# check if user namespaces are available
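Review bot: the comment above `userns_available` still says only "necessary features" while `have` now starts with `"userns/fuse": False`, and the result is derived from every entry in `have`. Please name FUSE-in-userns (Linux >= 4.18) in that comment, so that someone reading a "no" result with `userns` true and `userns/fuse` false knows this is a deliberate requirement and not a detection failure.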
......@@ -49,6 +49,20 @@ def userns_available(): # -> (yes|no, {details})
else:
have["userns"] = True
if have["userns"]:
# check if FUSE works inside user namespaces.
# Using FUSE inside user namespaces requires Linux >= 4.18 (see
# https://git.kernel.org/linus/da315f6e0398 and
# https://git.kernel.org/linus/8cb08329b080). For simplicity we check
# for that kernel version instead of actually trying to mount a test
# FUSE filesystem.
sysname, _, release, _, _ = os.uname()
if sysname == "Linux":
major, minor, _ = release.split('.', 2) # 5.10.0-9-amd64 -> 5 10 0-9-amd64
version = (int(major), int(minor))
if version >= (4, 18):
have["userns/fuse"] = True
ok = True
for _, haveit in have.items():
if not haveit:
......
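Review bot: the parsing in `major, minor, _ = release.split('.', 2)` assumes the release string has at least two dots and a purely numeric second field. A release such as `6.1` or `5.10-custom` (constructed examples) would make the unpack or `int(minor)` raise ValueError, and the visible lines do not show whether an enclosing handler turns that into `have["userns/fuse"] = False` or lets it propagate. Consider matching only the leading digits, for example with a regular expression like `^(\d+)\.(\d+)`, and treating a non-match as "not supported". Also note in the details, or in the comment, that the version gate is a proxy: it says the kernel is new enough, not that FUSE is actually usable on this host.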