The lgetxattr(2), lsetxattr(2), and llistxattr(2) syscalls on Linux
return ENOTSUP instead of EOPNOTSUPP. The same applies to getxattr(2),
setxattr(2), and listxattr(2) on macOS.
Note that EOPNOTSUPP and ENOTSUP have the same value in Linux (refer to
errno(3)).
Signed-off-by: Minseo Kim <kimminss0@outlook.kr>
Supporting macOS presents a number of challenges since the lack of
user namespaces means that operations that alter the ownership or
permissions on a file face harsh limitations, since are requested by
an unprivileged user that may need to potentially operate on arbitrary
uids/gids.
To overcome this challenges, we rely on the existing "forceMask"
feature to store the actual ownership and permission bits as an
extended attribute entry on each file.
In addition to automatically enabling "forceMask" when running on
macOS, we also need some minor changes to ensure the compatibility
with this OS. The most significant is the fact that, on macOS
SafeLchmod and SafeChmod also operate on the extended attributes, to
allow us to properly create the directories supporting the image.
With this changes in place, buildah is able to perform basic
operations on OCI images, such as downloading the image, creating a
working container, and removing them.
Signed-off-by: Sergio Lopez <slp@redhat.com>
Minseo Kim