composefs
a file system for mounting container images
As of the current Linux kernel merge window, [the IPE LSM](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a430d95c5efa) was merged. Per [the docs](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/Documentation/admin-guide/LSM/ipe.rst?id=a430d95c5efa) an example policy is e.g. `op=EXECUTE dmverity_signature=TRUE action=ALLOW`. This relies on the idea that...
I've been spending a lot of time in `lcfs_mount` lately and there are a few weird issues around `options->image_mountdir`. - this is specified by the user as a `const char...
Port to thiserror, as is done in https://github.com/containers/ocidir-rs/pull/16/commits/855b3be9e668dc9b1d6a54eeda3172657fc759c8 etc.
So today our error paths for executing the CLI in "should fail" cases just check that the binary exits with an error... But we have memory leaks in some error...
It came up in a discussion that perhaps instead of composefs having its own "write EROFS" code we could reuse liberofs from https://github.com/erofs/erofs-utils/ These are just the things I'm thinking...
Let's investigate adding some reverse dependency testing. To start obviously I'm interested in running the bootc tests when we change this repository. But it'd also make sense to test e.g....
It seems that the new mount API supports getting access to the errors during mount by reading from the fs_open fd. Example in: https://github.com/torvalds/linux/blob/master/samples/vfs/test-fsmount.c#L20 It would be very nice if...
This addresses the footer item in the [composefs CNCF sandbox onboarding task](https://github.com/cncf/sandbox/issues/340). It's also covered in the Contribution Agreement instructions.
Currently, desktop managers display composefs as a full partition. We need to somehow teach them to hide the size bar there to not alarm users. Should happen both on KDE...
I'm reading the composefs source code and see that the function `int lcfs_fd_measure_fsverity(uint8_t *digest, int fd)` may return `-EWRONGVERITY` reference: https://github.com/composefs/composefs/blob/c34cd5109f64be4d50446ab80a87b8f13772fd07/libcomposefs/lcfs-writer.c#L590 But that return value is not handled here https://github.com/composefs/composefs/blob/c34cd5109f64be4d50446ab80a87b8f13772fd07/libcomposefs/lcfs-writer.c#L601-L618...