mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Fix file capabilities droping in Dockerfile
doCopyXattrs() never reached due to copyXattrs boolean being false, as a result file capabilities not being copied. moved copyXattr() out of doCopyXattrs() Signed-off-by: Illo Abdulrahim <abdulrahim.illo@nokia.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
2bfc7aedab
commit
31f654a704
1 changed files with 11 additions and 9 deletions
|
@ -110,11 +110,13 @@ type dirMtimeInfo struct {
|
|||
stat *syscall.Stat_t
|
||||
}
|
||||
|
||||
// DirCopy copies or hardlinks the contents of one directory to another,
|
||||
// properly handling xattrs, and soft links
|
||||
// DirCopy copies or hardlinks the contents of one directory to another, properly
|
||||
// handling soft links, "security.capability" and (optionally) "trusted.overlay.opaque"
|
||||
// xattrs.
|
||||
//
|
||||
// Copying xattrs can be opted out of by passing false for copyXattrs.
|
||||
func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
|
||||
// The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are copied.
|
||||
// Passing false disables copying "trusted.overlay.opaque" xattrs.
|
||||
func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error {
|
||||
copyWithFileRange := true
|
||||
copyWithFileClone := true
|
||||
|
||||
|
@ -207,7 +209,11 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if copyXattrs {
|
||||
if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if copyOpaqueXattrs {
|
||||
if err := doCopyXattrs(srcPath, dstPath); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -256,10 +262,6 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
|
|||
}
|
||||
|
||||
func doCopyXattrs(srcPath, dstPath string) error {
|
||||
if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// We need to copy this attribute if it appears in an overlay upper layer, as
|
||||
// this function is used to copy those. It is set by overlay if a directory
|
||||
// is removed and then re-created and should not inherit anything from the
|
||||
|
|
Loading…
Reference in a new issue