Add NoSameOwner option when unpacking tars

When unpacking a TAR archive, containerd preserves file's owner: https://github.com/containerd/containerd/blob/main/archive/tar.go#L384 In some cases this behavior is not desired. In current implementation we avoid `Lchown` on Windows. Another case when this should be skipped is when using native snapshotter on darwin and running as non-root user. This PR extracts a generic option - `WithNoSameOwner` (same as `tar --no-same-owner`) to skip `Lchown` when its not required. Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-09-09 15:46:18 -07:00
parent f4a905109b
commit 0f51aa874d
6 changed files with 42 additions and 12 deletions
--- a/diff/apply/apply_darwin.go
+++ b/diff/apply/apply_darwin.go
@@ -19,6 +19,7 @@ package apply
 import (
 	"context"
 	"io"
+	"os"

 	"github.com/containerd/containerd/archive"
 	"github.com/containerd/containerd/mount"
@@ -28,8 +29,14 @@ func apply(ctx context.Context, mounts []mount.Mount, r io.Reader) error {
 	// We currently do not support mounts nor bind mounts on MacOS in the containerd daemon.
 	// Using this as an exception to enable native snapshotter and allow further research.
 	if len(mounts) == 1 && mounts[0].Type == "bind" {
+		opts := []archive.ApplyOpt{}
+
+		if os.Getuid() != 0 {
+			opts = append(opts, archive.WithNoSameOwner())
+		}
+
 		path := mounts[0].Source
-		_, err := archive.Apply(ctx, path, r)
+		_, err := archive.Apply(ctx, path, r, opts...)
 		return err
 	}

--- a/diff/windows/windows.go
+++ b/diff/windows/windows.go
@@ -27,7 +27,7 @@ import (
 	"io"
 	"time"

-	winio "github.com/Microsoft/go-winio"
+	"github.com/Microsoft/go-winio"
 	"github.com/containerd/containerd/archive"
 	"github.com/containerd/containerd/archive/compression"
 	"github.com/containerd/containerd/content"
@@ -38,7 +38,7 @@ import (
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/plugin"
-	digest "github.com/opencontainers/go-digest"
+	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/sirupsen/logrus"
 )
@@ -144,7 +144,13 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 		return emptyDesc, err
 	}

-	if _, err := archive.Apply(ctx, layer, rc, archive.WithParents(parentLayerPaths), archive.AsWindowsContainerLayer()); err != nil {
+	archiveOpts := []archive.ApplyOpt{
+		archive.WithParents(parentLayerPaths),
+		archive.AsWindowsContainerLayer(),
+		archive.WithNoSameOwner(), // Lchown is not supported on Windows
+	}
+
+	if _, err := archive.Apply(ctx, layer, rc, archiveOpts...); err != nil {
 		return emptyDesc, err
 	}