From f5be9606b4b6dad403c2062a86540221390d6300 Mon Sep 17 00:00:00 2001
From: Emanuele Aina
Date: Sun, 16 Jun 2019 00:00:17 +0200
Subject: [PATCH] pack,unpack: Save and restore xattrs and file capabilities in tarballs
Add options to `tar` to tell it to save and restore extended attributes:
* `--xattr`: enable extended attributes support
* `--xattrs-include=*.*`: tell `tar` to include every extended attribute since by default `tar` only stores attributes in the `user.*` namespace
This fixes the `pack` and `unpack` actions when dealing with tools like `ping` which on modern distributions have been switched to use file capabilities to do privileged operations without being setuid, as they are based on extended attributes. This relies on `tar` being GNU Tar >= 1.27, released in 2013 and shipped since Debian Jessie.
Signed-off-by: Emanuele Aina
---
 TODO | 2 --
 actions/pack_action.go | 4 +++-
 archiver.go | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/TODO b/TODO
index 31b1519..21ca64e 100644
--- a/TODO
+++ b/TODO
@@ -41,8 +41,6 @@ TODO
 * Make actions using (host) commands check their existance early
-* Ensure we copy xattrs?
-
 * Fix race in qemu-helper (if qemu-user-static gets installed in the system chroot things will get confused)
diff --git a/actions/pack_action.go b/actions/pack_action.go
index cf78cb0..b8f28a7 100644
--- a/actions/pack_action.go
+++ b/actions/pack_action.go
@@ -35,5 +35,7 @@ func (pf *PackAction) Run(context *debos.DebosContext) error {
 outfile := path.Join(context.Artifactdir, pf.File)
 log.Printf("Compressing to %s\n", outfile)
- return debos.Command{}.Run("Packing", "tar", "czf", outfile, "-C", context.Rootdir, ".")
+ return debos.Command{}.Run("Packing", "tar", "czf", outfile,
+ "--xattrs", "--xattrs-include=*.*",
+ "-C", context.Rootdir, ".")
 }
diff --git a/archiver.go b/archiver.go
index e67fdf6..c54f89c 100644
--- a/archiver.go
+++ b/archiver.go
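Review bot: In actions/pack_action.go, the new `"--xattrs-include=*.*"` argument in PackAction.Run stores every xattr namespace, not only the `security.capability` attribute that the commit message is about, so labels such as `security.selinux` or `trusted.*` present in the rootfs end up in the artifact as well. If only file capabilities are wanted, `"--xattrs-include=security.capability"` (plus `user.*` if those should be kept) would be narrower. If the wildcard is intended, a comment such as `// *.* because tar stores only user.* by default; file capabilities live in security.capability` would record why. The call also now depends on GNU tar >= 1.27 per the commit message, and nothing visible in the hunk checks for it, so with another tar implementation the action would presumably fail at run time with tar's own option error.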
@@ -99,6 +99,8 @@ func (tar *ArchiveTar) Unpack(destination string) error {
 }
 command = append(command, "-C", destination)
 command = append(command, "-x")
+ command = append(command, "--xattrs")
+ command = append(command, "--xattrs-include=*.*")
 if compression, ok := tar.options["tarcompression"]; ok {
 if unpackTarOpt := tarOptions(compression.(string)); len(unpackTarOpt) > 0 {
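Review bot: The two added appends in Unpack make every extraction restore all xattr namespaces from the archive, and the hunk shows no way for a caller to turn this off. When tar runs as root, that includes `security.capability` and `trusted.*` values chosen by whoever built the tarball, so an archive from a less-trusted origin can now grant capabilities to files in the destination, much as setuid bits already could. Consider gating the two appends on an entry in `tar.options`, the way `tarcompression` is read on the following lines, and adding a comment that GNU tar >= 1.27 is required. It is also worth confirming how tar exits when the destination filesystem rejects an attribute, since that could turn a previously successful unpack into a failure; Unpack's body starts and ends outside the hunk.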