Skip to content

Commit

Permalink
Fix file capabilities droping in Dockerfile
Browse files Browse the repository at this point in the history
doCopyXattrs() never reached due to copyXattrs boolean being false, as
a result file capabilities not being copied.

moved copyXattr() out of doCopyXattrs()

Signed-off-by: Illo Abdulrahim <abdulrahim.illo@nokia.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
@thaJeztah
Illo Abdulrahim authored and thaJeztah committed Jul 27, 2022
1 parent 2bfc7ae commit 31f654a
Showing 1 changed file with 11 additions and 9 deletions.
20 changes: 11 additions & 9 deletions daemon/graphdriver/copy/copy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,13 @@ type dirMtimeInfo struct {
stat *syscall.Stat_t
}

// DirCopy copies or hardlinks the contents of one directory to another,
// properly handling xattrs, and soft links
// DirCopy copies or hardlinks the contents of one directory to another, properly
// handling soft links, "security.capability" and (optionally) "trusted.overlay.opaque"
// xattrs.
//
// Copying xattrs can be opted out of by passing false for copyXattrs.
func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
// The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are copied.
// Passing false disables copying "trusted.overlay.opaque" xattrs.
func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error {
copyWithFileRange := true
copyWithFileClone := true

Expand Down Expand Up @@ -207,7 +209,11 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
return err
}

if copyXattrs {
if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
return err
}

if copyOpaqueXattrs {
if err := doCopyXattrs(srcPath, dstPath); err != nil {
return err
}
Expand Down Expand Up @@ -256,10 +262,6 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
}

func doCopyXattrs(srcPath, dstPath string) error {
if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
return err
}

// We need to copy this attribute if it appears in an overlay upper layer, as
// this function is used to copy those. It is set by overlay if a directory
// is removed and then re-created and should not inherit anything from the
Expand Down

0 comments on commit 31f654a

Please sign in to comment.