kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity
moby--moby/pkg/archive/archive_unix.go

118 lines
3.2 KiB
Go
Raw Permalink Normal View History

Update to Go 1.17.0, and gofmt with Go 1.17 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 13:14:53 +00:00
//go:build !windows
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
// +build !windows
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 21:05:59 +00:00
package archive // import "github.com/docker/docker/pkg/archive"
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
import (
Finally remove our copy of "archive/tar" now that Go 1.4 is the minimum! IT'S ABOUT TIME. :tada: Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-01 22:01:10 +00:00
"archive/tar"
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
"errors"
pkg/archive: adjust chmod bits on windows This change modifies the chmod bits of build context archives built on windows to preserve the execute bit and remove the r/w bits from grp/others. Also adjusted integ-cli tests to verify permissions based on the platform the tests are running. Fixes #11047. Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-03-04 02:40:16 +00:00
"os"
Fixing Tar functions to support Windows long paths. Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-10 22:21:30 +00:00
"path/filepath"
pkg/archive: keep walkRoot clean if source is / Previously, getWalkRoot("/", "foo") would return "//foo" Now it returns "/foo" Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-12 23:01:04 +00:00
"strings"
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
"syscall"
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
replace uses of deprecated containerd/sys.RunningInUserNS() This utility was moved to a separate package, which has no dependencies. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 09:01:24 +00:00
"github.com/containerd/containerd/pkg/userns"
Remove ToHost and replace it with IDMappings.ToHost Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-05-31 21:18:04 +00:00
"github.com/docker/docker/pkg/idtools"
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
"github.com/docker/docker/pkg/system"
[project] change syscall to /x/sys/unix|windows Changes most references of syscall to golang.org/x/sys/ Ones aren't changes include, Errno, Signal and SysProcAttr as they haven't been implemented in /x/sys/. Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com> [s390x] switch utsname from unsigned to signed per https://github.com/golang/sys/commit/33267e036fd93fcd26ea95b7bdaf2d8306cb743c char in s390x in the /x/sys/unix package is now signed, so change the buildtags Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-05-23 14:22:32 +00:00
"golang.org/x/sys/unix"
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
)
Remove local fork of archive/tar package A copy of Go's archive/tar packge was vendored with a patch applied to mitigate CVE-2019-14271. Vendoring standard library packages is not supported by Go in module-aware mode, which is getting in the way of maintenance. A different approach to mitigate the vulnerability is needed which does not involve vendoring parts of the standard library. glibc implements name service lookups such as users, groups and DNS using a scheme known as Name Service Switch. The services are implemented as modules, shared libraries which glibc dynamically links into the process the first time a function requiring the module is called. This is the crux of the vulnerability: if a process linked against glibc chroots, then calls one of the functions implemented with NSS for the first time, glibc may load NSS modules out of the chrooted filesystem. The API underlying the `docker cp` command is implemented by forking a new process which chroots into the container's rootfs and writes a tar stream of files from the container over standard output. It utilizes the Go standard library's archive/tar package to write the tar stream. It makes use of the tar.FileInfoHeader function to construct a tar.Header value from an fs.FileInfo value. In modern versions of Go on *nix platforms, FileInfoHeader will attempt to resolve the file's UID and GID to their respective user and group names by calling the os/user functions LookupId and LookupGroupId. The cgo implementation of os/user on *nix performs lookups by calling the corresponding libc functions. So when linked against glibc, calls to tar.FileInfoHeader after the process has chrooted into the container's rootfs can have the side effect of loading NSS modules from the container! Without any mitigations, a malicious container image author can trivially get arbitrary code execution by leveraging this vulnerability and escape the chroot (which is not a sandbox) into the host. Mitigate the vulnerability without patching or forking archive/tar by hiding the OS-dependent file info from tar.FileInfoHeader which it needs to perform the lookups. Without that information available it falls back to populating the tar.Header with only the information obtainable directly from the FileInfo value without making any calls into os/user. Fixes #42402 Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-01-24 20:33:54 +00:00
func init() {
sysStat = statUnix
}
Fixing Tar functions to support Windows long paths. Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-10 22:21:30 +00:00
// fixVolumePathPrefix does platform specific processing to ensure that if
// the path being passed in is not in a volume path format, convert it to one.
func fixVolumePathPrefix(srcPath string) string {
return srcPath
}
// getWalkRoot calculates the root path when performing a TarWithOptions.
Fix typos found across repository Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 16:00:39 +00:00
// We use a separate function as this is platform specific. On Linux, we
Fixing Tar functions to support Windows long paths. Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-10 22:21:30 +00:00
// can't use filepath.Join(srcPath,include) because this will clean away
// a trailing "." or "/" which may be important.
func getWalkRoot(srcPath string, include string) string {
pkg/archive: keep walkRoot clean if source is / Previously, getWalkRoot("/", "foo") would return "//foo" Now it returns "/foo" Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-12 23:01:04 +00:00
return strings.TrimSuffix(srcPath, string(filepath.Separator)) + string(filepath.Separator) + include
Fixing Tar functions to support Windows long paths. Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-10 22:21:30 +00:00
}
pkg/archive: adjust chmod bits on windows This change modifies the chmod bits of build context archives built on windows to preserve the execute bit and remove the r/w bits from grp/others. Also adjusted integ-cli tests to verify permissions based on the platform the tests are running. Fixes #11047. Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-03-04 02:40:16 +00:00
// chmodTarEntry is used to adjust the file permissions used in tar header based
// on the platform the archival is done.
func chmodTarEntry(perm os.FileMode) os.FileMode {
return perm // noop for unix as golang APIs provide perm bits correctly
}
Remove local fork of archive/tar package A copy of Go's archive/tar packge was vendored with a patch applied to mitigate CVE-2019-14271. Vendoring standard library packages is not supported by Go in module-aware mode, which is getting in the way of maintenance. A different approach to mitigate the vulnerability is needed which does not involve vendoring parts of the standard library. glibc implements name service lookups such as users, groups and DNS using a scheme known as Name Service Switch. The services are implemented as modules, shared libraries which glibc dynamically links into the process the first time a function requiring the module is called. This is the crux of the vulnerability: if a process linked against glibc chroots, then calls one of the functions implemented with NSS for the first time, glibc may load NSS modules out of the chrooted filesystem. The API underlying the `docker cp` command is implemented by forking a new process which chroots into the container's rootfs and writes a tar stream of files from the container over standard output. It utilizes the Go standard library's archive/tar package to write the tar stream. It makes use of the tar.FileInfoHeader function to construct a tar.Header value from an fs.FileInfo value. In modern versions of Go on *nix platforms, FileInfoHeader will attempt to resolve the file's UID and GID to their respective user and group names by calling the os/user functions LookupId and LookupGroupId. The cgo implementation of os/user on *nix performs lookups by calling the corresponding libc functions. So when linked against glibc, calls to tar.FileInfoHeader after the process has chrooted into the container's rootfs can have the side effect of loading NSS modules from the container! Without any mitigations, a malicious container image author can trivially get arbitrary code execution by leveraging this vulnerability and escape the chroot (which is not a sandbox) into the host. Mitigate the vulnerability without patching or forking archive/tar by hiding the OS-dependent file info from tar.FileInfoHeader which it needs to perform the lookups. Without that information available it falls back to populating the tar.Header with only the information obtainable directly from the FileInfo value without making any calls into os/user. Fixes #42402 Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-01-24 20:33:54 +00:00
// statUnix populates hdr from system-dependent fields of fi without performing
// any OS lookups.
func statUnix(fi os.FileInfo, hdr *tar.Header) error {
s, ok := fi.Sys().(*syscall.Stat_t)
if !ok {
return nil
}
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
Remove local fork of archive/tar package A copy of Go's archive/tar packge was vendored with a patch applied to mitigate CVE-2019-14271. Vendoring standard library packages is not supported by Go in module-aware mode, which is getting in the way of maintenance. A different approach to mitigate the vulnerability is needed which does not involve vendoring parts of the standard library. glibc implements name service lookups such as users, groups and DNS using a scheme known as Name Service Switch. The services are implemented as modules, shared libraries which glibc dynamically links into the process the first time a function requiring the module is called. This is the crux of the vulnerability: if a process linked against glibc chroots, then calls one of the functions implemented with NSS for the first time, glibc may load NSS modules out of the chrooted filesystem. The API underlying the `docker cp` command is implemented by forking a new process which chroots into the container's rootfs and writes a tar stream of files from the container over standard output. It utilizes the Go standard library's archive/tar package to write the tar stream. It makes use of the tar.FileInfoHeader function to construct a tar.Header value from an fs.FileInfo value. In modern versions of Go on *nix platforms, FileInfoHeader will attempt to resolve the file's UID and GID to their respective user and group names by calling the os/user functions LookupId and LookupGroupId. The cgo implementation of os/user on *nix performs lookups by calling the corresponding libc functions. So when linked against glibc, calls to tar.FileInfoHeader after the process has chrooted into the container's rootfs can have the side effect of loading NSS modules from the container! Without any mitigations, a malicious container image author can trivially get arbitrary code execution by leveraging this vulnerability and escape the chroot (which is not a sandbox) into the host. Mitigate the vulnerability without patching or forking archive/tar by hiding the OS-dependent file info from tar.FileInfoHeader which it needs to perform the lookups. Without that information available it falls back to populating the tar.Header with only the information obtainable directly from the FileInfo value without making any calls into os/user. Fixes #42402 Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-01-24 20:33:54 +00:00
hdr.Uid = int(s.Uid)
hdr.Gid = int(s.Gid)
if s.Mode&unix.S_IFBLK != 0 ||
s.Mode&unix.S_IFCHR != 0 {
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
}
Remove local fork of archive/tar package A copy of Go's archive/tar packge was vendored with a patch applied to mitigate CVE-2019-14271. Vendoring standard library packages is not supported by Go in module-aware mode, which is getting in the way of maintenance. A different approach to mitigate the vulnerability is needed which does not involve vendoring parts of the standard library. glibc implements name service lookups such as users, groups and DNS using a scheme known as Name Service Switch. The services are implemented as modules, shared libraries which glibc dynamically links into the process the first time a function requiring the module is called. This is the crux of the vulnerability: if a process linked against glibc chroots, then calls one of the functions implemented with NSS for the first time, glibc may load NSS modules out of the chrooted filesystem. The API underlying the `docker cp` command is implemented by forking a new process which chroots into the container's rootfs and writes a tar stream of files from the container over standard output. It utilizes the Go standard library's archive/tar package to write the tar stream. It makes use of the tar.FileInfoHeader function to construct a tar.Header value from an fs.FileInfo value. In modern versions of Go on *nix platforms, FileInfoHeader will attempt to resolve the file's UID and GID to their respective user and group names by calling the os/user functions LookupId and LookupGroupId. The cgo implementation of os/user on *nix performs lookups by calling the corresponding libc functions. So when linked against glibc, calls to tar.FileInfoHeader after the process has chrooted into the container's rootfs can have the side effect of loading NSS modules from the container! Without any mitigations, a malicious container image author can trivially get arbitrary code execution by leveraging this vulnerability and escape the chroot (which is not a sandbox) into the host. Mitigate the vulnerability without patching or forking archive/tar by hiding the OS-dependent file info from tar.FileInfoHeader which it needs to perform the lookups. Without that information available it falls back to populating the tar.Header with only the information obtainable directly from the FileInfo value without making any calls into os/user. Fixes #42402 Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-01-24 20:33:54 +00:00
return nil
Refactor pkg/archive with a platform-independent stat struct pkg/archive contains code both invoked from cli (cross platform) and daemon (linux only) and Unix-specific dependencies break compilation on Windows. We extracted those stat-related funcs into platform specific implementations at pkg/system and added unit tests. Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
2014-11-13 20:36:05 +00:00
}
Add support for COPY from previous rootfs Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-03-15 22:28:06 +00:00
func getInodeFromStat(stat interface{}) (inode uint64, err error) {
s, ok := stat.(*syscall.Stat_t)
Implement incremental file sync using client session Also exposes shared cache and garbage collection/prune for the source data. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-05-15 21:54:27 +00:00
if ok {
Add unconvert linter Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-24 17:11:44 +00:00
inode = s.Ino
Add support for COPY from previous rootfs Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-03-15 22:28:06 +00:00
}
return
}
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 06:20:33 +00:00
func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
Add user namespace (mapping) support to the Docker engine Adds support for the daemon to handle user namespace maps as a per-daemon setting. Support for handling uid/gid mapping is added to the builder, archive/unarchive packages and functions, all graphdrivers (except Windows), and the test suite is updated to handle user namespace daemon rootgraph changes. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-08 15:51:41 +00:00
s, ok := stat.(*syscall.Stat_t)
if !ok {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 06:20:33 +00:00
return idtools.Identity{}, errors.New("cannot convert stat value to syscall.Stat_t")
Add user namespace (mapping) support to the Docker engine Adds support for the daemon to handle user namespace maps as a per-daemon setting. Support for handling uid/gid mapping is added to the builder, archive/unarchive packages and functions, all graphdrivers (except Windows), and the test suite is updated to handle user namespace daemon rootgraph changes. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-08 15:51:41 +00:00
}
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 06:20:33 +00:00
return idtools.Identity{UID: int(s.Uid), GID: int(s.Gid)}, nil
Add user namespace (mapping) support to the Docker engine Adds support for the daemon to handle user namespace maps as a per-daemon setting. Support for handling uid/gid mapping is added to the builder, archive/unarchive packages and functions, all graphdrivers (except Windows), and the test suite is updated to handle user namespace daemon rootgraph changes. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-08 15:51:41 +00:00
}
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
// createTarFile to handle the following types of header: Block; Char; Fifo
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
mode := uint32(hdr.Mode & 07777)
switch hdr.Typeflag {
case tar.TypeBlock:
[project] change syscall to /x/sys/unix|windows Changes most references of syscall to golang.org/x/sys/ Ones aren't changes include, Errno, Signal and SysProcAttr as they haven't been implemented in /x/sys/. Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com> [s390x] switch utsname from unsigned to signed per https://github.com/golang/sys/commit/33267e036fd93fcd26ea95b7bdaf2d8306cb743c char in s390x in the /x/sys/unix package is now signed, so change the buildtags Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-05-23 14:22:32 +00:00
mode |= unix.S_IFBLK
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
case tar.TypeChar:
[project] change syscall to /x/sys/unix|windows Changes most references of syscall to golang.org/x/sys/ Ones aren't changes include, Errno, Signal and SysProcAttr as they haven't been implemented in /x/sys/. Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com> [s390x] switch utsname from unsigned to signed per https://github.com/golang/sys/commit/33267e036fd93fcd26ea95b7bdaf2d8306cb743c char in s390x in the /x/sys/unix package is now signed, so change the buildtags Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-05-23 14:22:32 +00:00
mode |= unix.S_IFCHR
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
case tar.TypeFifo:
[project] change syscall to /x/sys/unix|windows Changes most references of syscall to golang.org/x/sys/ Ones aren't changes include, Errno, Signal and SysProcAttr as they haven't been implemented in /x/sys/. Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com> [s390x] switch utsname from unsigned to signed per https://github.com/golang/sys/commit/33267e036fd93fcd26ea95b7bdaf2d8306cb743c char in s390x in the /x/sys/unix package is now signed, so change the buildtags Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-05-23 14:22:32 +00:00
mode |= unix.S_IFIFO
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
}
pkg/archive: allow mknodding FIFO inside userns Fix #41803 Also attempt to mknod devices. Mknodding devices are likely to fail, but still worth trying when running with a seccomp user notification. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 03:52:53 +00:00
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
replace uses of deprecated containerd/sys.RunningInUserNS() This utility was moved to a separate package, which has no dependencies. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-18 09:01:24 +00:00
if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() {
pkg/archive: allow mknodding FIFO inside userns Fix #41803 Also attempt to mknod devices. Mknodding devices are likely to fail, but still worth trying when running with a seccomp user notification. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 03:52:53 +00:00
// In most cases, cannot create a device if running in user namespace
err = nil
}
return err
Windows: Archive package changes for Windows daemon Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 22:14:11 +00:00
}
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
if hdr.Typeflag == tar.TypeLink {
if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
return err
}
}
} else if hdr.Typeflag != tar.TypeSymlink {
if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
return err
}
}
return nil
}