22 Commits

Author SHA1 Message Date
Kir Kolyshkin 8395a8b205 Fix and annotate Stat_t fields conversion
For struct Stat_t in syscall pkg:
 - Ino is always uint64;
 - Dev/Rdev can be uint64, uint32, or int32;
 - Nlink might be uint64, uint32, or uint16.

Fix the code accordingly, adding or removing typecasts where needed,
and annotating those with //nolint:unconvert to calm down the unconvert
linter.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-01 16:18:55 -07:00
Minseo Kim 5015968dd8 pkg/system: fix `EOPNOTSUPP` to `ENOTSUP` for xattr syscalls
The lgetxattr(2), lsetxattr(2), and llistxattr(2) syscalls on Linux
return ENOTSUP instead of EOPNOTSUPP. The same applies to getxattr(2),
setxattr(2), and listxattr(2) on macOS.

Note that EOPNOTSUPP and ENOTSUP have the same value in Linux (refer to
errno(3)).

Signed-off-by: Minseo Kim <kimminss0@outlook.kr>
2024-11-29 18:32:32 +09:00
Kir Kolyshkin 83c0c077c5 all: remove old-style +build tags
Brought to you by

	go fix ./...

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-09-19 17:00:48 -07:00
Daniel J Walsh 3f8c0dc0de
Wrap errors properly with fmt.Errorf
Also returned errors should not begin with a capitalized errors.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-07-12 13:26:10 -04:00
Giuseppe Scrivano 35e013ae4b
chown: use Link instead of Chown for dup inodes
If the inode was already encountered and chowned, use link(2) instead
of chown(2).

This is needed when the underlying storage (as it could be overlay
with index=off) breaks the hard link on copy up.

https://github.com/containers/storage/pull/1144 added the initial
check.

Closes: https://github.com/containers/storage/issues/1257

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-06-14 22:38:25 +02:00
Sergio Lopez 7617ae34d8 Limited support for operating on images on macOS
Supporting macOS presents a number of challenges since the lack of
user namespaces means that operations that alter the ownership or
permissions on a file face harsh limitations, since they are requested by
an unprivileged user that may need to potentially operate on arbitrary
uids/gids.

To overcome these challenges, we rely on the existing "forceMask"
feature to store the actual ownership and permission bits as an
extended attribute entry on each file.

In addition to automatically enabling "forceMask" when running on
macOS, we also need some minor changes to ensure the compatibility
with this OS. The most significant is the fact that, on macOS
SafeLchmod and SafeChmod also operate on the extended attributes, to
allow us to properly create the directories supporting the image.

With these changes in place, buildah is able to perform basic
operations on OCI images, such as downloading the image, creating a
working container, and removing them.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2022-06-06 08:01:54 +02:00
Giuseppe Scrivano 28c166fa18
chown: use ToHostOverflow when chowning
when chowning an image, fall back to the overflow ID when a UID or GID
cannot be mapped to the target user namespace.

This ensures the chown driver works similar to what we do with
idmapped mounts when it is supported for overlay.

It is needed for CRI-O to support user namespaces in Kubernetes since
the Kubelet picks a static size for the user namespace and it might
break some images using IDs outside the picked range.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-04-28 17:38:35 +02:00
Robert Zaage 28f3ba9b89 fix storage-chown-by-maps doesn't handle -EOVERFLOW return by lgetxattr [Closes #1183]
Signed-off-by: Robert Zaage <robert@zaage.it>
2022-04-07 00:11:21 +02:00
Giuseppe Scrivano f59aa7a19f
drivers, chown: support chown of hard links
make sure the same inode is not chowned twice.  Track all the inodes
that are chowned and skip the same inode if it is encountered multiple
times.

Closes: https://github.com/containers/storage/issues/1143

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-02-21 15:35:39 +01:00
Giuseppe Scrivano e085aa8d0b
drivers, chown: move platformLChown to a struct
it is a preparatory commit.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-02-21 15:23:22 +01:00
Nalin Dahyabhai da8b28a5e6 chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform
Where we ignored a pkg/system.ErrNotSupportedPlatform error
from pkg/system.Lgetxattr(), also ignore ENOTSUP/EOPNOTSUPP, as we
already do elsewhere.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-03-10 14:21:40 -05:00
Daniel J Walsh 8d53e62ed7
Merge pull request #757 from kolyshkin/eintr
chmod/chown: handle EINTR
2020-10-30 10:08:52 -04:00
Kir Kolyshkin 800a569949
chown, chmod: retry on EINTR
The following failure has been observed in CI (see [1], [2]):

	storage-chown-by-maps: chown("/some/path"): interrupted system call

While chown and chmod should be auto-restartable by the kernel (provided
all the signal handlers are installed with SA_RESTART flag), it looks
like it is not always the case, or there might be some exclusions,
so this should be handled.

Surely, the possibility of getting EINTR is amplified since Go 1.14
introduced async preemptible goroutines (see [3]), the feature that
is implemented via frequently sending signal 22 to all threads.

Add and use wrappers for Chmod and Lchown that retry on EINTR.

[1] https://github.com/containers/podman/issues/8152
[2] https://github.com/cri-o/cri-o/pull/4310#issuecomment-718361022
[3] https://golang.org/doc/go1.14#runtime

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-10-30 11:40:07 +01:00
Kir Kolyshkin 3a1bcb0e4b
graphdriver.platformLChown: improve errors
Functions from os package, such as os.Lchown or os.Chmod,
return an os.PathError which already contains the operation
and the file name, so there is no need to add them one more time.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-10-30 11:40:06 +01:00
Kir Kolyshkin 3bf3251882 system.*xattr: wrap errors into os.PathError
This way the error messages are more informative.

Convert all the users accordingly (assuming there are no users outside
of this repo).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-10-29 03:30:02 -07:00
Peter Hunt 12062560d1 platformLchown: use os package instead
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2020-10-22 16:55:15 -04:00
Kir Kolyshkin be28a551a5 drivers/platformLChown: rm os.Lstat call
This function is already called with the result from os.Lstat(),
so there's no need to do it again.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-11 08:36:34 -07:00
Kir Kolyshkin 1e8bf20d6b drivers/platformLChown: return early
This is purely aesthetical -- in case we can't get struct stat_t,
return early. This improves readability and decreases the indentation.

No functional change. Please review this with --ignore-space-change.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-11 08:36:34 -07:00
Sascha Grunert fd72b45a3f
Enable golint linter and fix lints
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-01-28 15:59:15 +01:00
Daniel J Walsh 25d53dbc7b
Need to preserve the Xattr security.capability when chowning.
When we chown we not only lose the setuid flags but we also lose
the file capabilities.  This means in a user namespace when we chown
ping, it loses its filecap, which means it will no longer work.

This fix will check for the security capabilities and retain them if they
exist when chowning.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-10-05 09:12:11 -04:00
Giuseppe Scrivano 2df72f37c6
chown: restore SUID and SGID bits
be sure the SUID and SGID bits are not lost when we do
a chown.

Closes: https://github.com/containers/libpod/issues/1526

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-09-25 15:46:46 +02:00
Vincent Batts 019f3a4038
drivers: cross-platform chown
and a tidy-up of imports

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-05-30 17:05:51 -04:00