pkg/archive: migrate to (tar.Header).PAXRecords
Signed-off-by: Cory Snider <csnider@mirantis.com>
corhere committed Oct 23, 2023
1 parent 6a8a792 commit 3cf409a
Showing 2 changed files with 14 additions and 9 deletions.
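--- a/pkg/archive/archive.go
+++ b/pkg/archive/archive.go
@@ -481,6 +481,8 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro
 return hdr, nil
 }
 
+const paxSchilyXattr = "SCHILY.xattr."
+
 // ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
 // to a tar header
 func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
@@ -493,15 +495,16 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 )
 capability, _ := system.Lgetxattr(path, "security.capability")
 if capability != nil {
-length := len(capability)
 if capability[versionOffset] == vfsCapRevision3 {
 // Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
 // sense outside the user namespace the archive is built in.
 capability[versionOffset] = vfsCapRevision2
-length = xattrCapsSz2
+capability = capability[:xattrCapsSz2]
+}
+if hdr.PAXRecords == nil {
+hdr.PAXRecords = make(map[string]string)
 }
-hdr.Xattrs = make(map[string]string)
-hdr.Xattrs["security.capability"] = string(capability[:length])
+hdr.PAXRecords[paxSchilyXattr+"security.capability"] = string(capability)
 }
 return nil
 }
@@ -776,8 +779,12 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
 }
 
 var xattrErrs []string
-for key, value := range hdr.Xattrs {
-if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+for key, value := range hdr.PAXRecords {
+xattr, ok := strings.CutPrefix(key, paxSchilyXattr)
+if !ok {
+continue
+}
+if err := system.Lsetxattr(path, xattr, []byte(value), 0); err != nil {
 if bestEffortXattrs && errors.Is(err, syscall.ENOTSUP) || errors.Is(err, syscall.EPERM) {
 // EPERM occurs if modifying xattrs is not allowed. This can
 // happen when running in userns with restrictions (ChromeOS).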
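Review bot: In ReadSecurityXattrToTarHeader the bytes returned by Lgetxattr are indexed at `capability[versionOffset]` and then resliced by the new `capability = capability[:xattrCapsSz2]` after nothing more than a nil check. A security.capability value shorter than expected, which the archiver cannot rule out when the source tree sits on a filesystem it does not control, would panic on the index, and the reslice is only in range if the buffer's capacity happens to cover xattrCapsSz2. Guarding the length first keeps a malformed xattr from taking down the archiving process: `if len(capability) >= xattrCapsSz2 && capability[versionOffset] == vfsCapRevision3 {`. This assumes versionOffset is smaller than xattrCapsSz2; both constants are declared in the collapsed lines between the first two hunks, so confirm it there.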
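--- a/pkg/archive/archive_linux.go
+++ b/pkg/archive/archive_linux.go
@@ -41,9 +41,7 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os
 return nil, err
 }
 if len(opaque) == 1 && opaque[0] == 'y' {
-if hdr.Xattrs != nil {
-delete(hdr.Xattrs, "trusted.overlay.opaque")
-}
+delete(hdr.PAXRecords, paxSchilyXattr+"trusted.overlay.opaque")
 
 // create a header for the whiteout file
 // it should inherit some properties from the parent, but be a regular file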
