From 87ca750cdc3114a340af1c5bc9394cc5f6242677 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 17 Jan 2014 10:51:59 +0100
Subject: [PATCH] archive: Detect file changes to capability bits

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 archive/changes.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/archive/changes.go b/archive/changes.go
index b46b13bbe7..a9eba8196f 100644
--- a/archive/changes.go
+++ b/archive/changes.go
@@ -1,6 +1,7 @@
 package archive
 
 import (
+	"bytes"
 	"code.google.com/p/go/src/pkg/archive/tar"
 	"fmt"
 	"github.com/dotcloud/docker/utils"
@@ -126,10 +127,11 @@ func Changes(layers []string, rw string) ([]Change, error) {
 }
 
 type FileInfo struct {
-	parent   *FileInfo
-	name     string
-	stat     syscall.Stat_t
-	children map[string]*FileInfo
+	parent     *FileInfo
+	name       string
+	stat       syscall.Stat_t
+	children   map[string]*FileInfo
+	capability []byte
 }
 
 func (root *FileInfo) LookUp(path string) *FileInfo {
@@ -200,7 +202,8 @@ func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) {
 				oldStat.Rdev != newStat.Rdev ||
 				// Don't look at size for dirs, its not a good measure of change
 				(oldStat.Size != newStat.Size && oldStat.Mode&syscall.S_IFDIR != syscall.S_IFDIR) ||
-				!sameFsTimeSpec(getLastModification(oldStat), getLastModification(newStat)) {
+				!sameFsTimeSpec(getLastModification(oldStat), getLastModification(newStat)) ||
+				bytes.Compare(oldChild.capability, newChild.capability) != 0 {
 				change := Change{
 					Path: newChild.path(),
 					Kind: ChangeModify,
@@ -275,6 +278,8 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) {
 			return err
 		}
 
+		info.capability, _ = Lgetxattr(path, "security.capability")
+
 		parent.children[info.name] = info
 
 		return nil