WIP: volume protection by pinning #26846

Status: Open. 17 commits to merge into base: main

tobwen (Contributor) commented Aug 16, 2025

Does this PR introduce a user-facing change?

Yes.

* Added `--pinned` flag to `volume create` to create pinned volumes
* Added new `volume pin` commands to pin/unpin existing volumes
* Added `--include-pinned` flag to `volume rm` to allow removing pinned volumes
* Added pinned volume filtering support
* Added support for pinned volumes in `system prune` command
* Added HTTP API and ABI support for volume pinning
* Added runtime methods for handling pinned volumes and pruning

References

Reference #26807
Reference #23217

Actions required

* This is just the first step to demonstrate the function. Things like tunnel/remote implementation are still missing (it's just a stub).
* It needs to be discussed if we want to overload the CLI with `volume unpin` or rather use `volume pin --unpin` as supplied.

Note

Those are my first steps with the Podman code - please bear with me.

openshift-ci bot added the release-note and do-not-merge/work-in-progress (indicates that a PR should not merge because it is a work in progress) labels on Aug 16, 2025

openshift-ci bot (Contributor) commented Aug 16, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tobwen
Once this PR has been reviewed and has the lgtm label, please assign ygalblum for approval. For more information see the Code Review Process.


mheon (Member) commented Aug 18, 2025

Should pinned volumes require `--force` to remove? It feels like they ought to.

libpod/volume.go Outdated
@@ -76,6 +76,9 @@ type VolumeConfig struct {
StorageImageID string `json:"storageImageID,omitempty"`
// MountLabel is the SELinux label to assign to mount points
MountLabel string `json:"mountlabel,omitempty"`
// Pinned indicates that this volume should be excluded from
// system prune operations by default
Pinned bool `json:"pinned,omitempty"`
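
Review bot: the doc comment on `Pinned` describes only exclusion from system prune, while the PR description also makes `volume rm` refuse pinned volumes unless `--include-pinned` is given; the comment should list every operation the flag blocks so callers do not treat it as prune-only. Separately, with `omitempty` an unpinned volume serializes without a `pinned` key, so a consumer of the JSON cannot tell "not pinned" from output that predates the field; since the flag is a data-protection control, consider always emitting it.
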
Member commented:
Probably better to stick this in state, since it can be toggled on/off

libpod/volume.go Outdated
return err
}

v.config.Pinned = pinned
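
Review bot: `v.config.Pinned = pinned` is the last statement shown and nothing in these lines writes the value back to the database, so confirm the function persists it before returning; a pin that exists only in this process's memory will not protect the volume from a prune or remove issued by another process. A test that pins a volume, reloads it from the database and then checks that it is still pinned would catch this.
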
Member commented:
Yeah, this won't work with v.config - that's static data, never changes. You want v.state - which is refreshed by update() and saved by save()
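
The config-versus-state point in the review comment above, as an added example that is not part of the PR or of Podman's code: a simplified Go model in which config is written to the store only at creation and state is written by `save()`, showing that a pin set on config is lost to any other process. The names `record`, `store`, `create`, `reopen`, `pinViaConfig`, `pinViaState` and `prunable` are hypothetical; only `config`, `state`, `update()` and `save()` echo the thread.

```go
package main

import "fmt"

// Hypothetical model of the config/state split; this is not libpod code.
type record struct{ Pinned bool }

// store is a constructed in-memory database; config is written at creation only.
type store struct{ config, state record }

type volume struct {
	config, state record
	db            *store
}

func create() *volume { return &volume{db: &store{}} }

// save persists only the mutable state record.
func (v *volume) save() { v.db.state = v.state }

// update reloads state from the store, discarding in-memory values.
func (v *volume) update() { v.state = v.db.state }

// reopen models another process loading the volume from the store.
func reopen(db *store) *volume {
	return &volume{config: db.config, state: db.state, db: db}
}

// pinViaConfig mirrors the hunk: the flag never reaches the store.
func pinViaConfig(v *volume) { v.config.Pinned = true }

// pinViaState follows the review comment: refresh, mutate, save.
func pinViaState(v *volume) {
	v.update()
	v.state.Pinned = true
	v.save()
}

// prunable is the decision a later prune, run as a new process, would make.
func prunable(v *volume) bool {
	r := reopen(v.db)
	return !r.config.Pinned && !r.state.Pinned
}

func main() {
	a, b := create(), create()
	pinViaConfig(a)
	pinViaState(b)
	fmt.Println(prunable(a), prunable(b)) // true false
}
```

The handle that called `pinViaConfig` still reports the volume as pinned in its own memory, which is why the loss only shows up when a different process makes the prune decision.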

tobwen (Contributor, Author) commented Aug 18, 2025

> Should pinned volumes require `--force` to remove? It feels like they ought to.

I've thought about that before, but I figured we should treat it like the immutable flag. If this flag is set, even root can't remove a file with rm -f either. My concern here is protecting important data, and maybe root has some stupid script that sets --force to keep the script running - but then the data is gone (excluding backups for now).

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.


tobwen added 15 commits August 19, 2025 01:12
Labels: do-not-merge/work-in-progress (indicates that a PR should not merge because it is a work in progress), kind/api-change (change to remote API; merits scrutiny), release-note