From d5d5cccb7ee1d081edd24391bd2b3da9db5f3373 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 19 Jan 2021 12:52:53 +0900 Subject: [PATCH] pkg/archive: allow mknodding FIFO inside userns Fix #41803 Also attempt to mknod devices. Mknodding devices are likely to fail, but still worth trying when running with a seccomp user notification. Signed-off-by: Akihiro Suda --- pkg/archive/archive_unix.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/archive/archive_unix.go b/pkg/archive/archive_unix.go index 900661423d..0b92bb0f4a 100644 --- a/pkg/archive/archive_unix.go +++ b/pkg/archive/archive_unix.go @@ -81,11 +81,6 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) { // handleTarTypeBlockCharFifo is an OS-specific helper function used by // createTarFile to handle the following types of header: Block; Char; Fifo func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { - if sys.RunningInUserNS() { - // cannot create a device if running in user namespace - return nil - } - mode := uint32(hdr.Mode & 07777) switch hdr.Typeflag { case tar.TypeBlock: @@ -96,7 +91,12 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { mode |= unix.S_IFIFO } - return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) + err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) + if errors.Is(err, syscall.EPERM) && sys.RunningInUserNS() { + // In most cases, cannot create a device if running in user namespace + err = nil + } + return err } func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {