kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/builder/dockerfile/internals_linux.go

89 lines
2.8 KiB
Go
Raw Normal View History

Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:05:59 -05:00
package dockerfile // import "github.com/docker/docker/builder/dockerfile"
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
import (
"path/filepath"
"strconv"
"strings"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/symlink"
lcUser "github.com/opencontainers/runc/libcontainer/user"
"github.com/pkg/errors"
)
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
func parseChownFlag(builder *Builder, state *dispatchState, chown, ctrRootPath string, identityMapping *idtools.IdentityMapping) (idtools.Identity, error) {
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
var userStr, grpStr string
parts := strings.Split(chown, ":")
if len(parts) > 2 {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.New("invalid chown string format: " + chown)
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
if len(parts) == 1 {
// if no group specified, use the user spec as group as well
userStr, grpStr = parts[0], parts[0]
} else {
userStr, grpStr = parts[0], parts[1]
}
passwdPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "passwd"), ctrRootPath)
if err != nil {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.Wrapf(err, "can't resolve /etc/passwd path in container rootfs")
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
groupPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "group"), ctrRootPath)
if err != nil {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.Wrapf(err, "can't resolve /etc/group path in container rootfs")
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
uid, err := lookupUser(userStr, passwdPath)
if err != nil {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.Wrapf(err, "can't find uid for user "+userStr)
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
gid, err := lookupGroup(grpStr, groupPath)
if err != nil {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.Wrapf(err, "can't find gid for group "+grpStr)
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
// convert as necessary because of user namespaces
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
chownPair, err := identityMapping.ToHost(idtools.Identity{UID: uid, GID: gid})
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
if err != nil {
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 01:20:33 -05:00
return idtools.Identity{}, errors.Wrapf(err, "unable to convert uid/gid to host mapping")
Fixes for libcontainer changes Libcontainer no longer provides placeholders for unsupported platforms, which cause the Windows builds to fail. This patch moves features that are not supported to platform-specific files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-12 20:57:50 -05:00
}
return chownPair, nil
}
func lookupUser(userStr, filepath string) (int, error) {
// if the string is actually a uid integer, parse to int and return
// as we don't need to translate with the help of files
uid, err := strconv.Atoi(userStr)
if err == nil {
return uid, nil
}
users, err := lcUser.ParsePasswdFileFilter(filepath, func(u lcUser.User) bool {
return u.Name == userStr
})
if err != nil {
return 0, err
}
if len(users) == 0 {
return 0, errors.New("no such user: " + userStr)
}
return users[0].Uid, nil
}
func lookupGroup(groupStr, filepath string) (int, error) {
// if the string is actually a gid integer, parse to int and return
// as we don't need to translate with the help of files
gid, err := strconv.Atoi(groupStr)
if err == nil {
return gid, nil
}
groups, err := lcUser.ParseGroupFileFilter(filepath, func(g lcUser.Group) bool {
return g.Name == groupStr
})
if err != nil {
return 0, err
}
if len(groups) == 0 {
return 0, errors.New("no such group: " + groupStr)
}
return groups[0].Gid, nil
}
Copy permalink