Skip to content

Commit

Permalink
Merge pull request #1739 from giuseppe/fix-root-permission-force-mask
Browse files Browse the repository at this point in the history
archive: fix mode for root dir with ForceMask
  • Loading branch information
openshift-ci[bot] committed Oct 30, 2023
2 parents 1fa2bd4 + ff5851d commit 9665477
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions pkg/archive/archive.go
Original file line number Diff line number Diff line change
Expand Up @@ -955,14 +955,8 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err
if options.ForceMask != nil {
// if ForceMask is in place, make sure lchown is disabled.
doChown = false
uid, gid, mode, err := GetFileOwner(dest)
if err == nil {
value := fmt.Sprintf("%d:%d:0%o", uid, gid, mode)
if err := system.Lsetxattr(dest, idtools.ContainersOverrideXattr, []byte(value), 0); err != nil {
return err
}
}
}
var rootHdr *tar.Header

// Iterate through the files in the archive.
loop:
Expand Down Expand Up @@ -1007,6 +1001,9 @@ loop:
if err != nil {
return err
}
if rel == "." {
rootHdr = hdr
}
if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
return breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest))
}
Expand Down Expand Up @@ -1080,6 +1077,14 @@ loop:
return err
}
}

if options.ForceMask != nil && rootHdr != nil {
value := fmt.Sprintf("%d:%d:0%o", rootHdr.Uid, rootHdr.Gid, rootHdr.Mode)
if err := system.Lsetxattr(dest, idtools.ContainersOverrideXattr, []byte(value), 0); err != nil {
return err
}
}

return nil
}

Expand Down

0 comments on commit 9665477

Please sign in to comment.