Containerd upgrade and creating readonly overlay fs (#19)

Containerd upgrade and creating readonly overlay fs

containerd/containerd.go

@@ -269,7 +269,7 @@ func (c Containerd) ExtractFileSystemContainer(containerId string, namespace str
 	ctx := namespaces.WithNamespace(context.Background(), namespace)
 	container, err := client.LoadContainer(ctx, containerId)
 	if err != nil {
-		fmt.Println("Error while getting container")
+		fmt.Fprintf(os.Stderr, "Error while getting container")
 		return err
 	}
 	info, _ := container.Info(ctx)
@@ -278,33 +278,42 @@ func (c Containerd) ExtractFileSystemContainer(containerId string, namespace str
 	target := strings.Replace(outputTarPath, ".tar", "", 1) + containerId
 	_, err = exec.Command("mkdir", target).Output()
 	if err != nil && !strings.Contains(err.Error(), "exit status 1") {
-		fmt.Println("Error while creating temp target dir", target,  err.Error())
+		fmt.Fprintf(os.Stderr, "Error while creating temp target dir %s %s \n", target,  err.Error())
 		return err
 	}
 	var mountStatement = fmt.Sprintf("mount -t %s %s %s -o %s\n", mounts[0].Type, mounts[0].Source, target, strings.Join(mounts[0].Options, ","))
 	_, err = exec.Command("bash", "-c", mountStatement).Output()
 	if err != nil {
-		fmt.Println("error while mounting image on temp target dir", mountStatement, " err: ", err.Error())
-		fmt.Println("Reattempting mount on /fenced/mnt/host")
+		mountedHostPath := "/fenced/mnt/host"
+		fmt.Fprintf(os.Stderr, "error while mounting image on temp target dir %s %s %s \n", mountStatement, " err: ", err.Error())
+		fmt.Fprintf(os.Stderr, "Reattempting mount from %s \n", mountedHostPath)
 		var containerdTmpDirs = []string{"/tmp", "/var/lib"}
+		var workDir, upperDir, lowerDir string
 		for index, option := range mounts[0].Options {
 			for _, tmpDir := range containerdTmpDirs {
 				if strings.Contains(option, tmpDir) {
-					mounts[0].Options[index] = strings.Replace(option, tmpDir, "/fenced/mnt/host" + tmpDir, -1)
+					mounts[0].Options[index] = strings.Replace(option, tmpDir, mountedHostPath + tmpDir, -1)
+					if strings.Index(mounts[0].Options[index], "upperdir") >= 0 {
+						upperDir = strings.Split(mounts[0].Options[index], "=")[1]
+					} else if strings.Index(mounts[0].Options[index], "workdir") >= 0 {
+						workDir = strings.Split(mounts[0].Options[index], "=")[1]
+					} else if strings.Index(mounts[0].Options[index], "lowerdir") >= 0 {
+						lowerDir = strings.Split(mounts[0].Options[index], "=")[1]
+					}
 				}
 			}
 		}
-		mountStatement = fmt.Sprintf("mount -t %s %s %s -o %s\n", mounts[0].Type, mounts[0].Source, target, strings.Join(mounts[0].Options, ","))
+		mountStatement = fmt.Sprintf("mount -t %s %s %s -o index=off,lowerdir=%s \n", mounts[0].Type, mounts[0].Source, target, workDir + ":" + upperDir + ":" + lowerDir)
 		_, err = exec.Command("bash", "-c", mountStatement).Output()
 		if err != nil {
-			fmt.Println("error while mounting image on temp target dir 2nd attempt", mountStatement, " err: ", err.Error())
+			fmt.Fprintf(os.Stderr, "error while mounting image on temp target dir 2nd attempt %s %s %s \n", mountStatement, " err: ", err.Error())
 			return err
 		}
-		fmt.Println("mount success")
+		fmt.Fprintf(os.Stderr, "mount success \n")
 	}
 	_, err = exec.Command("tar", "-czvf", outputTarPath, "-C", target, ".").Output()
 	if err != nil {
-		fmt.Println("Error while packing tar", outputTarPath, target, err.Error())
+		fmt.Fprintf(os.Stderr, "Error while packing tar %s %s %s \n", outputTarPath, target, err.Error())
 		return err
 	}
 	exec.Command("umount", target).Output()

go.mod

@@ -3,21 +3,19 @@ module github.com/deepfence/vessel
 go 1.17
 
 require (
-	github.com/containerd/containerd v1.6.0-beta.4
+	github.com/containerd/containerd v1.6.1
 	github.com/docker/docker v20.10.9+incompatible
 	github.com/joho/godotenv v1.4.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
-	google.golang.org/grpc v1.41.0
+	google.golang.org/grpc v1.43.0
 )
 
 require (
 	github.com/Microsoft/go-winio v0.5.1 // indirect
-	github.com/Microsoft/hcsshim v0.9.1 // indirect
-	github.com/bits-and-blooms/bitset v1.2.0 // indirect
-	github.com/containerd/cgroups v1.0.2 // indirect
-	github.com/containerd/containerd/api v1.6.0-beta.3 // indirect
-	github.com/containerd/continuity v0.2.2-0.20211201162329-8e53e7cac79d // indirect
+	github.com/Microsoft/hcsshim v0.9.2 // indirect
+	github.com/containerd/cgroups v1.0.3 // indirect
+	github.com/containerd/continuity v0.2.2 // indirect
 	github.com/containerd/fifo v1.0.0 // indirect
 	github.com/containerd/ttrpc v1.1.0 // indirect
 	github.com/containerd/typeurl v1.0.2 // indirect
@@ -36,17 +34,14 @@ require (
 	github.com/moby/sys/signal v0.6.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 // indirect
-	github.com/opencontainers/runc v1.0.3 // indirect
+	github.com/opencontainers/runc v1.1.0 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
-	github.com/opencontainers/selinux v1.8.2 // indirect
-	go.opencensus.io v0.22.3 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.0.1 // indirect
-	go.opentelemetry.io/otel/trace v1.0.1 // indirect
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect
+	github.com/opencontainers/selinux v1.10.0 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 // indirect
-	golang.org/x/text v0.3.6 // indirect
-	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 )