[RFC] ostree-ext: import container layers directly from overlay filesystem

[giuseppe]

When pulling container images from local containers-storage, detect overlay filesystem layers and import them directly to OSTree instead of processing tar streams. This allows to use reflinks on file systems that support them.

Assisted-by: Claude Opus 4.5

This is just a PoC at the moment, I've not fully reviewed the generated code yet.

@cgwalters This takes a different approach that we discussed, but I believe it is easier to maintain in the containers library, as it is much easier to add a new API to the image/storage library to expose low level objects (i.e. layer diff when available, file objects by their checksum...) that will replace the manual access to the overlay diff that is implemented now.

Another benefit, IMO, is that it moves us away from tarballs which ultimately I'd like to see it happening in the containers library as well.

I've manually tested the change and that reflinks are created to the files in the containers storage.

[gemini-code-assist]

Code Review

This pull request introduces a proof-of-concept for directly importing container layers from an overlay filesystem, aiming to improve performance by leveraging reflinks. This involves adding a new import path in ostree-ext that bypasses tar stream processing, using ostree::Repo::write_dfd_to_mtree and plumbing Storage context through bootc. However, the implementation contains a path traversal vulnerability in the way layer directory paths are constructed from layers.json. The use of open_ambient_dir and std::fs::read_dir in the filesystem import logic is insecure and should be replaced with more robust cap_std operations to prevent potential host filesystem access and TOCTOU issues. Additionally, the new filesystem-based import path does not set an ostree ref for the imported layer commit, which breaks layer caching and negates performance benefits for subsequent operations.

[gemini-code-assist]

The layer_id obtained from layers.json is used to construct layer_diff_path using storage_root.join(). Since layer_id is not validated, it can contain path traversal sequences like .., allowing an attacker who can influence the contents of layers.json to point layer_diff_path to arbitrary directories on the host. This is a path traversal vulnerability that could lead to unauthorized access to host files during the container import process.

[cgwalters]

We're effectively trusting the source storage so this is not a critical problem at all, but containers/composefs-rs#218 comprehensively uses cap_std Dir for this reason.

[gemini-code-assist]

The target_ref parameter is unused in this function. This leads to a bug where layers imported from the filesystem are not cached in ostree via a ref, causing them to be re-imported on every pull.

The else branch for tar stream import correctly uses crate::tar::write_tar which sets the ref. The new filesystem import path should do the same to ensure layer caching works as expected.

To fix this, you should pass target_ref down to import_filesystem_to_ostree and have it set the ref after creating the commit. This will also involve removing the now-incorrect comment about the caller being responsible for setting the ref.

Here are the suggested changes:

1. In crates/ostree-ext/src/container/store.rs:

--- a/crates/ostree-ext/src/container/store.rs
+++ b/crates/ostree-ext/src/container/store.rs
@@ -1297,11 +1297,10 @@
         let config = crate::filesystem::FilesystemFilterConfig::from_tar_options(options);
         let repo = repo.clone();
         let layer_path = layer_path.to_owned();
+        let target_ref = target_ref.to_owned();
 
         // Run the synchronous import in a blocking task
-        // Note: The caller is responsible for setting the ref within a transaction
         let result = crate::tokio_util::spawn_blocking_flatten(move || {
-            crate::filesystem::import_filesystem_to_ostree(&repo, &layer_path, &config)
+            crate::filesystem::import_filesystem_to_ostree(&repo, &layer_path, &target_ref, &config)
         })
         .await?;
 

2. In crates/ostree-ext/src/filesystem/filter.rs:

--- a/crates/ostree-ext/src/filesystem/filter.rs
+++ b/crates/ostree-ext/src/filesystem/filter.rs
@@ -72,6 +72,7 @@
 pub fn import_filesystem_to_ostree(
     repo: &ostree::Repo,
     src_path: &Utf8Path,
+    target_ref: &str,
     config: &FilesystemFilterConfig,
 ) -> Result<crate::tar::WriteTarResult> {
     let cancellable = gio::Cancellable::NONE;
@@ -188,6 +189,8 @@
         .write_commit(None, None, None, Some(&metadata), &root, cancellable)
         .context("Writing commit")?;
 
+    repo.set_ref_immediate(None, target_ref, Some(&commit), cancellable)?;
+
     Ok(crate::tar::WriteTarResult {
         commit: commit.to_string(),
         filtered: filtered_stats,

[gemini-code-assist]

The function import_filesystem_to_ostree uses open_ambient_dir to open the source directory and std::fs::read_dir to iterate over its entries. open_ambient_dir follows symlinks and allows opening arbitrary absolute paths. Combined with the potential path traversal in layer_diff_path, this allows importing arbitrary host directories into the OSTree repository. Furthermore, using std::fs::read_dir instead of src_dir.entries() introduces a TOCTOU (Time-of-Check to Time-of-Use) risk and is inconsistent with the use of the cap_std library for secure filesystem access.

[cgwalters]

Awesome, thanks for kickstarting this! So I have a giant amount of code generated in https://github.com/cgwalters/cstor-rs that is a lot more fleshed-out "read (and maybe write to) containers-storage" - but it also needs some cleanup, review, testing etc.

Backing up a second...here's what I'm thinking re #20

Basically let's try to go to a world where the flow is:

• Pull into containers-storage: using podman/skopeo (probably podman since the bollard apis are probably just fine for this, but we could make it pluggable too)
• Reflink/hardlink from there into composefs-rs
• If ostree is enabled, reflink/hardlink from composefs-rs into ostree

The thing that is really appealing to me about this is we're centralizing more on composefs.

[giuseppe]

• Reflink/hardlink from there into composefs-rs

I have missed this one. Where is the composefs-rs store?

[cgwalters]

I have missed this one. Where is the composefs-rs store?

It's initialized by default only in the composefs path, but...it would make sense probably to do so by default now even with ostree. It's in /composefs.

[giuseppe]

I guess I've hit ostreedev/ostree#2712 as it fails to import the whiteout and it seems there is no way to filter it without changing the source directory

[cgwalters]

Reflink/hardlink from there into composefs-rs

➡️ containers/composefs-rs#218

[cgwalters]

I maintain this cap-std-ext crate which has https://docs.rs/cap-std-ext/latest/cap_std_ext/dirext/trait.CapStdExtDirExt.html#tymethod.open_optional for this reason.

[cgwalters]

Hmm this is interesting, I need to understand the distinction here, will look.

[cgwalters]

We really should set the selinux labeling policy here. Which is messy! Because we need to mount (or compute/access) the merged root for just /etc/selinux.

But not doing so causes effective double disk space usage temporarily, it's very ugly.

Again the SELinux labeling thing is one of the most awesome parts about composefs - we just stick all that in the metadata.

[cgwalters]

You know what's funny:

$ podman run --rm -ti quay.io/fedora/fedora cat /.profile
kiwi_align='1048576'
kiwi_boot_timeout=''
kiwi_bootkernel=''
kiwi_bootloader='grub2'

Yes, we build the Fedora base image with this "kiwi" tool that likes to dump its metadata as a file into /...soooooo ugly

[cgwalters]

Hmm but we're not handling .wh..wh..opq here?