Allow configuration of Rootlesskit's CopyUpDirs through an environment variable

[ludost]

Proposed Changes

In our use-case we are running an K3S Agent in a Rootless environment at the end-user's own workstation. This works well (enough), but we also want to provide access to the local folders (through e.g. HostPath volume mounts). But the Agent runs inside the rootless namespace, disallowing read/write access to the actual file-system.

This PR allows the Agent to setup extra "CopyUpDirs" entries, through an environment variable called "K3S_ROOTLESS_COPYUPDIRS". This environment variable can receive a comma-separated list absolute paths, which will be added to the existing list.

Types of Changes

This change is non-breaking, fully backwards compatible. It only adds a new feature and a new environment variable. The setup will not start (with a fatal error) if any of the added folders doesn't exist in the host system. Which is the normal behavior of the pre-existing code.

Verification

• Create a folder as your normal user: mkdir /home/<your_username>/containerShare
• Set an environment variable: export K3S_ROOTLESS_COPYUPDIRS=/home/<your_username>/containerShare
• Start a K3S agent (and/or server) with the --rootless parameter.
• Create a container with a hostPath volume mount like:

  volumeMounts:
    - mountPath:   /my_share/
      name: containerShare

   volumes: 
      - hostPath:
           path: /home/<your_username>/containerShare
           type: ""
        name: containerShare

• Try to write a file into the volume mount inside the container: touch /my_share/helloWorld
• From the host system, check if the file is there: ls /home/<your_username>/containerShare/

Testing

No, I currently have no unit test for this change.

Linked Issues

See #10385 for a further description.

User-Facing Change

Add new environment variable "K3S_ROOTLESS_COPYUPDIRS" to add folders to the Rootlesskit configuration.

Further Comments

[ludost]

FYI: to fix that DCO error, I've followed the advice of the DCO-page and rebased the commits, with proper sign-off statements.

[dereknola]

@ludost Are you still working on this PR? Or did you arrive at another solution?

[ludost]

@ludost Are you still working on this PR? Or did you arrive at another solution?

Yes, I'm wrapping up this PR for merging. Just have to figure out how to do that, it's my first "modern" contribution to such projects, getting my head wrapped around the tools...

[ludost]

Oh, man, did I mess this up:) A lot of history for a nearly one-liner. Anyway, it should be alright now. Sorry for the inconvenience.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 43.97%. Comparing base (0553a1a) to head (dbc9c96).
Report is 8 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/rootless/rootless.go	0.00%	2 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (0553a1a) and HEAD (dbc9c96). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (0553a1a)	HEAD (dbc9c96)
e2etests	7	6

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10386      +/-   ##
==========================================
- Coverage   49.74%   43.97%   -5.78%     
==========================================
  Files         178      178              
  Lines       14801    14803       +2     
==========================================
- Hits         7363     6509     -854     
- Misses       6085     7090    +1005     
+ Partials     1353     1204     -149     

Flag	Coverage Δ
e2etests	36.48% <0.00%> (-9.47%)	⬇️
inttests	19.71% <0.00%> (-17.01%)	⬇️
unittests	13.55% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.