mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #43875 from thaJeztah/22.06_backport_42655_vfs_storage_driver

[22.06 backport] Fix file capabilities dropping in Dockerfile
Sebastiaan van Stijn 2022-07-29 18:23:41 +02:00 committed by GitHub
commit ad0ee82f0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -110,11 +110,13 @@ type dirMtimeInfo struct {
stat *syscall.Stat_t stat *syscall.Stat_t
} }
// DirCopy copies or hardlinks the contents of one directory to another, // DirCopy copies or hardlinks the contents of one directory to another, properly
// properly handling xattrs, and soft links // handling soft links, "security.capability" and (optionally) "trusted.overlay.opaque"
// xattrs.
// //
// Copying xattrs can be opted out of by passing false for copyXattrs. // The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are copied.
func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error { // Passing false disables copying "trusted.overlay.opaque" xattrs.
func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error {
copyWithFileRange := true copyWithFileRange := true
copyWithFileClone := true copyWithFileClone := true
@ -207,7 +209,11 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
return err return err
} }
if copyXattrs { if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
return err
}
if copyOpaqueXattrs {
if err := doCopyXattrs(srcPath, dstPath); err != nil { if err := doCopyXattrs(srcPath, dstPath); err != nil {
return err return err
} }
@ -256,10 +262,6 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyXattrs bool) error {
} }
func doCopyXattrs(srcPath, dstPath string) error { func doCopyXattrs(srcPath, dstPath string) error {
if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
return err
}
// We need to copy this attribute if it appears in an overlay upper layer, as // We need to copy this attribute if it appears in an overlay upper layer, as
// this function is used to copy those. It is set by overlay if a directory // this function is used to copy those. It is set by overlay if a directory
// is removed and then re-created and should not inherit anything from the // is removed and then re-created and should not inherit anything from the