daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ (fix "failed to Lchown "/dev/console")

[thaJeztah]

• fixes [27.0 regression] Docker Pull Fails in Rootless "failed to register layer: failed to Lchown "/dev/console" #48064
• fixes Docker Pull Fails in Rootless "failed to register layer: failed to Lchown "/dev/console" for UID 0, GID 0: lchown /dev/console: no such file or directory" docker/for-linux#1497
• relates to / introduced in rootless: overlay2: support native overlay diff when using rootless-mode in kernel 5.11 and above #47605

pkg/archive: getWhiteoutConverter: don't error with userns enabled

Since 838047a, the overlayWhiteoutConverter
is supported with userns enabled, so we no longer need this check.

pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors

This function was discarding EPERM errors if it detected that userns was
enabled; move such checks to the caller-site, so that they can decide
how to handle the error (which, in case of userns may be to log and ignore).

pkg/archive: createTarFile: consistently use the same value for userns

createTarFile accepts a opts (TarOptions) argument to specify whether
userns is enabled; whe should consider always detecting locally, but
at least make sure we're consistently working with the same value within
this function.

daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ

Commits b2fd67d (and the follow-up commit
f6b8025) updated doesSupportNativeDiff to
detect whether the host can support native overlay diffing with userns
enabled.

As a result, useNaiveDiff would now return "false" in cases where it
previously would return "true" (and thus skip). However, overlay2,
unlike fuse-overlay did not take user namespaces into account, when
using the native differ, and it therefore did not set the InUserNS option
in TarOptions.

As a result pkg/archive.createTarFile would attempt tocreate device-nodes
through handleTarTypeBlockCharFifo which would fail, but the resulting
error EPERM would be discarded, and createTarFile would not return
early, therefor attempting to os.LChown the missing file, ultimately
resulting in an error:

failed to Lchown "/dev/console" for UID 0, GID 0: lchown /dev/console: no such file or directory

This patch fixes the missing option in overlay.

- Description for the changelog

Fix "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces.

- A picture of a cute animal (not mandatory but encouraged)

[dmcgowan]

Beside the previous code stumbled into this, is Fifo really something we don't expect to be working. In containerd we don't skip Fifo for user namespaces.

[thaJeztah]

I went a bit back-and-forth on both of these;

• changed all of TypeFifo, TypeBlock, and TypeChar to try optimistically (but log the error on failure); this in the line of thought "who knows? one day it may work?"
• or the reverse; anticipating it won't work, so skip for useNs

In the end, I decided to keep the current behavior for now, but perhaps that's something we should revisit, WDYT?

[dmcgowan]

I think keep current behavior is right for the scope of this. Just the behavior difference was sticking out more so wanted to mention it.

[thaJeztah]

Yup, same! It also was a bit my motivation for moving the error-handling out of handleTarTypeBlockCharFifo - I wanted to make it more visible / explicit where we're ignoring errors.

[thaJeztah]

I'll bring this one in, and move the backport out of draft.