#352 enabling quota support on root XFS filesystem
Opened 3 years ago by dustymabe. Modified 2 years ago

@vgoyal recommends we should enable quota support on our root filesystem if we want to use overlay2 on it by default.

We need to investigate doing this and see if there are any implications.

Metadata Update from @dustymabe:
- Issue tagged with: F27, host

3 years ago

I will give little more context.

Docker overlay2 graph driver has capability of making use of xfs quota functionality and limit the size of container to a maximum. If quota is not enabled on underlying filesystem, this functionality is not avaialble.

I think it is useful to be able to limit the amount of data container apps can write and avoid the situation where a single malicious container can consume all the available disk space.

@vgoyal - I agree.

Does anyone know if it is possible to enable this quota support in anaconda?

it looks like these are options that can be specified at mount time. They do not have to be provided at FS creation time, correct? reference: link

From container-storage-setup it looks like the option we want to set is pquota. Can someone confirm that?

It looks like we can provide options through the --fsoptions field in the kickstart

yes, its a mount time option "pquota" and container-storage-setup specifies it by default.

But that kicks in only if user has decided to setup a seprate logical volume for overlayfs.

Now you are planning to grow rootfs to consume whole disk. That means most of the users will setup overlayfs on top of rootfs. And that means rootfs needs to have quota enabled. So generating images with quota enabled will make sense.

FYI: upstream issue related to enabling this option in fstab: https://github.com/projectatomic/rpm-ostree/issues/1059

Metadata Update from @dustymabe:
- Issue tagged with: jira

3 years ago

This is the script we use to sync today (this does not include an rsync of deltas at this time).

Login to comment on this ticket.